By John Emmitt

Industry research shows that 95% of organizations use Open Source Software (OSS) in their mission critical applications. There are a number of reasons for this, including being able to develop applications faster and with higher quality. And, hey, its free, right? Last year (2016), there were 79 billion (with a 'B') downloads of OSS components!

At the same time, most organizations have no idea how much open source code they are actually using. In fact, the data says that organizations typically are aware of less than 10% of the open source software they are using.

For enterprises that are developing applications for internal use, OSS represents a potential security risk-- there are software vulnerabilities in many OSS components. Well known OSS exploits include Heartbleed, Ghost and Shellshock. How many of those 79 billion downloads had more than 1 software vulnerability? 1 out of every 16. That's more than 4.9 billion OSS components.

What can you do about this?

Many companies do the following to manage open source software use:

• They have an Open Source Review Board that-- reviews and approves all OSS use, checks components for security risks, and creates a standard set of approved OSS components
• They have an OSS policy that they enforce
• They use tools to have an automated OSS Request / Approval process, keep a History of OSS use, and have a Repository for OSS components
• They scan their code to check for OSS and third party components, and vulnerability risk

There is also license compliance risk when using OSS, particularly for companies that are developing applications for sale or use outside of their own organization. Depending on the open source license being used for a given OSS component, there are different requirements, including, in some cases, the requirement to release your source code to the public. This is the case for the GPL v2 and GPL v3 licenses, for example.

Here is a handy field guide to OSS licensing:

We have also put together a checklist for open source software license compliance:

You can download a copy of this field guide and compliance checklist here.

To learn more about Flexera's FlexNet Code Insight product, please visit our website.

You might also be interested in our on-demand Webinar: The State of Open Source Software (OSS): 2016 Year in Review. 

By John Emmitt

Flexera’s CEO, Jim Ryan, recently presented at the Microsoft Inspire event where Flexera and Microsoft announced a new initiative to transform the software supply chain. As noted in this article on the ITAM Review website— Flexera & Microsoft join forces to crunch ELPs—

“Combining Flexera’s FlexNet Manager Suite with Microsoft’s Intelligent Asset Manager, the aim is to remove the need for expensive, disruptive [software] audits and instead allow partners and customers to focus on delivering value and business transformation.”

Following on the heels of the Microsoft Inspire announcement, Flexera is hosting a live streaming event-- The Game Has Changed,  on August 17^th (10 am CT) where we will discuss why:

• Software Asset Management (SAM) can’t live in a silo anymore
• Stakeholders require easier access to more complete data than ever before
• More collaboration is required than ever before
• Software vendors need to step up and support the SAM process
• The entire IT ecosystem must be more tightly connected

Duncan Jones, Vice President and Principal Analyst at Forrester, will be one of our special guest speakers. Duncan serves Sourcing and Vendor Management professionals.

Register here to join our live event.

Our goal is to create a software supply chain that is efficient and transparent. This takes wasted expense and risk out of the supply chain for you, the software buyer.

One of the primary goals of the transformed software supply chain is to move away from the focus on software license compliance and focus more on delivering cost savings and business value. Two thirds of businesses get audited at least once every year by software vendors (or their 3^rd party delegates). And, audits are typically very time consuming—hundreds, if not thousands, of staff hours can be spent preparing for an audit. Let’s eliminate that!

In addition, Software Asset Management is becoming more important to C-level executives and others across the business. As a result, SAM data needs to be more accessible to all of these stakeholders.

The themes in this event tie into the exciting new capabilities in the next release of FlexNet Manager Suite, coming on August 9^th, 2017. Our new Insights Data Analytics dashboard gives each of your users their own view of your hardware and software asset data. It’s extremely configurable to enable them to adjust their view to see exactly what they need to better perform their work.

Cloud and SaaS are key areas of focus for SAM going forward. During the event, you’ll also hear about new capabilities for managing SaaS applications. With the rapid adoption of cloud services you need the ability to control costs and get more value from these services. Attend the event to learn more!

Hear more about how IT Operations, Finance, Procurement and IT Security can collaborate to improve software governance, optimize costs for software and cloud services and mitigate IT security and license compliance risk.

Register for The Game Has Changed

Flexera is reimagining the way that software is Bought, Sold, Managed and Secured.

By Eric J. Feldman

How many applications are in your enterprise? Which of these applications are still supported by the vendor, and which are no longer supported? More importantly, are you paying maintenance for every application, even those that are “end of life?”

Understanding your software’s “Service Life,” the product’s total release lifecycle is an important part of your Software Asset Management program. Service Life policies vary considerably by vendor and product. Many software vendors reduce support over a period of time with several intermediate steps – such as limited and extended support – before reaching End of Life status. For example, here is a typical software release lifecycle that illustrates the Service Life of a software product:

For all software that has passed its final support date as represented in the End of Life “red zone,” the software vendors:

• No longer consider enhancements or upgrades
• Do not provide security or functional patches
• No longer provide technical support

So why should you care?

Using unsupported software exposes your company to significant risks and challenges:

• Unsupported applications pose a security risk since they are no longer being patched
• End of Life applications can be costly as organizations may be paying maintenance for software that is no longer being upgraded or supported by the vendor
• Older versions may not have an upgrade path for improvements and bug fixes
• Software that is no longer supported may cause compatibility issues that inhibit migration to newer operating systems and platforms

If you want to learn more about Service Life, what it is, why it’s important, and the impact to your organization, be sure to join Flexera in the webinar “What is Service Life and Why Should You Care?”

In this session, you will learn:

• What are the key Service Life dates and why are they important?
• Why it’s difficult to track Service Life dates manually
• How not knowing key Service Life dates can cost you a lot of money and increase your security risk
• The benefits of taking a proactive approach toward software Service Life

Be sure to join us on the following dates and times:

        August 30 – 10:00 am (US Central Time)

        August 31 – 2:00 pm (Australia)

        August 31 – 10:00 am (United Kingdom)

Register Here

And if you cannot join us on one of the dates above, register for the on-demand webinar recording.

By Greg Misso

In my last post, we looked at SQL Server at a high level, discussing the various editions and licensing models available with each. In this post, we are going to delve a little deeper into some of the use cases and areas to be aware of.

The environment where SQL Server resides

Understanding the environment where the SQL Server resides is very important as this can determine whether production or non-production licenses can be utilised. In a scenario where SQL Server is installed in a non-production environment, alternative user based licenses can be used in lieu of production licenses. These alternate user based licenses include:

• SQL Server Developer[1]
• Visual Studio / MSDN subscription[2]

The below example (Figure 1) demonstrates a number of SQL Servers (both Standard and Enterprise) in a non-production environment. By utilising the product terms of SQL Server Developer or a Visual Studio / MSDN subscription, an organisation would be required to ensure that only licenses are assigned to the Developers accessing this environment (both internal and external users), not the SQL Servers themselves. To license this scenario effectively, this would therefore require either of the following, or a hybrid of both:

• (x4) SQL Server Developer Licenses (free download); or
• (x4) Visual Studio / MSDN subscriptions

Figure 1- SQL Server in a Non-production Environment

The main benefits of utilising these user based licenses in non-production environments include:

• Licensed users can access and provision an unlimited number non-production systems
• Reduced licensing costs
• Optimised SQL Server license management via use of applicable product use rights (aka Product Terms)

The role of the SQL Server and User or Device access

Identifying and understanding the role of the server where a SQL database (or components such as SQL Reporting Services) are installed is paramount. The ability to understand the role, and by extension the end user or device access is key to identifying which edition of SQL is best for the given purpose. This will assist in determining which license model is best suited to provide the following:

• Software license compliance
• Commercial optimisation
• Scalability for a changing IT environment

Some common access scenarios include the following:

Example 1 – Multiplexing

Multiplexing is the indirect access to a system via other systems. In the below example (Figure 2), users and devices are accessing the SQL Server indirectly. There are a couple of approaches that can be taken towards licensing SQL Server in this scenario. These include:

1. The user and device access is comprised of external users, i.e. not employees of the organisation. In this scenario, it is unlikely that the access can be quantified so the number of SQL Server CALs required (User or Device) cannot be determined. The recommended licensing approach here would be to adopt the SQL Server Core based model.
2. The user and device access is comprised of internal users, i.e. employees of the organisation. In this scenario, the number of devices and users is easier to ascertain and cost based analysis can be conducted to determine whether the Server and CAL model is best, or whether to opt for the Core based model (refer to Figure 5 for an example of a cost based analysis approach).

Figure 2 – Multiplexing example

Example 2 – SQL Server embedded with 3^rd party applications

SQL Server can sometimes be embedded into a 3^rd party application by an Independent Software Vendor (ISV). This is known as a Runtime license and is to be used exclusively with the ISV’s application. The SQL Server instance cannot be used in conjunction with other applications or databases. The below example (Figure 3) demonstrates users accessing the application which has an embedded SQL database. No additional SQL Server licensing is required however as the cost of the SQL Server Runtime license is included in the cost of the application from the ISV.

Figure 3 - 3rd Party Application with SQL Server example

Example 3 – Intranets

An intranet is a restricted internal network used by organisations to communicate information, and sometimes services, to employees. As demonstrated in the below example (Figure 4), SQL Server is often used as the underlying database technology to store this information. The ability to quantify the level and type of access to this SQL technology will have a definitive bearing on the licensing model selected, and is often commercially driven.

Figure 4 - Intranets utilising SQL technology

It is recommended that a cost based analysis be conducted to assess the various licensing models considering factors such as organisation size, projected growth and scalability of the current configuration. The analysis may look like the following:

Figure 5 – Cost based analysis flowchart

Next time

As I have touched on in this series of posts, the multiple licensing models available for SQL Server can create doubt and confusion, but if understood and leveraged correctly, the cost optimisation opportunities can be substantial. You just need to know what to look for, questions to ask and understand your IT environment.

In my next post, I will focus on topics such as Software Assurance Benefits and SQL Server, SQL Server components and take a more detailed look at other licensing scenarios.

To learn more about Flexera's Software Asset Management solution for Microsoft, please visit our website. Also see Flexera at Microsoft Ignite, Sept 25 to 29, 2017, in Orlando, FL.

------------------------------------------------------------------------------------------------------------

Footnotes:

[1] SQL Server Developer 2016 is a free download and can be accessed here.

[2] Visual Studio / MSDN subscriptions are available in two editions (Enterprise and Professional). Both editions provide support for SQL Server deployment on non-production systems. It is important to highlight that these subscriptions are allocated to specific users and cannot be shared amongst development team members. Further information can be located here.

By John Emmitt

If you are heading to the Gartner IT Financial, Procurement & Asset Management Summit, next week in Nashville TN, at the Gaylord Opryland (September 11 – 13^th), stop by the Flexera booth-- #109. The theme of conference is— The Juggling Act: Balancing Cost, Risk & Speed. We’ll be there to discuss ways we can help you with that juggling act. By reducing software and cloud services costs, mitigating software license compliance and security risk, and getting faster ROI. 

We’re pleased to also be participating in several speaking sessions during the conference:

Monday, 11 Sep 2017 @1:30pm: Theater Session with SoftwareONE:

Innovation of SAM: Past, Present, and Future

The speakers for this session will be Kevin Hooton, North America SAM Practice Lead for SoftwareONE, and Mark Buckentin, North America Alliance Lead for Flexera. Kevin and Mark will discuss how the two companies are working together to deliver a more simplified Software Asset Management (SAM) Process. They’ll also talk about innovative SAM approaches that accelerate business value.

Tuesday, 12 Sep 2017 @3:15pm: Flexera’s Solution Provider Session with Southern California Edison:

Southern California Edison – On the Road to Software License Optimization with Flexera

In this session, Chris Lecosia, Software Asset Manager at Southern California Edison, will share insights gained from their Software Asset Management program. Hear about their business challenges, why they selected Flexera’s FlexNet Manager Suite, and the business benefits they’re seeing. This includes significant ROI on their SAP licensing, which they’ve been managing with Flexera’s SAP solution for several years. Going forward, they are getting their arms around other key vendors including Microsoft, IBM and Oracle.

Wednesday, 13 Sep 2017 @9:30am: SoftwareONE’s Solution Provider Session:

SoftwareONE: Innovative SAM Approaches to Accelerating Business Value

The speakers for this session will again be Kevin Hooton, North America SAM Practice Lead for SoftwareONE, and Mark Buckentin, North America Alliance Lead for Flexera.

I look forward to seeing you at the conference!

To learn more about Flexera, please visit our website.

Also check out our upcoming webinar:

Preparing for MAD - Mergers, Acquisitions and Divestitures—13 and 14 Sep

And our recently broadcast webinar, now available on-demand:

What is Software Service Life and Why Should You Care?

By Simon Wilkinson, Senior Consultant

Are your software request processes complex or engrained with other business systems?  

The benefits of empowering end users to self-serve software is a motivating prospect for many organisations.  It eases the burden on administrators and improves governance.

Implementing a smooth self-service experience for users can be a daunting task.  What appears to be a straightforward request to employees, may be routed through many different systems and manual processes before it’s finally installed on their device.

When dealing with long drawn out request processes there are several possibilities for improvement:

• Simplification: Review and adjust processes to remove unnecessary steps.
• Automation: Use automation to drive the requests to the appropriate teams to carry out the work, before approving the request to allow progress to the next step.
• Know your systems and capacity: What systems will handle the initial request, the approvals, and the delivery of the software? Is there a company standard for workflow processing or an IT system of record?

The first step is to document your processes.  A paper representation may be time consuming, but it provides an ideal view of the complexity of the processes.

Re-engineering existing processes with an aim of simplification may seem like a tempting approach.  This may not be possible due to the increasing need for security, compatibility, and licensing approvals.  These diverse team responsibilities and the complexity of today’s devices must also be taken into account when re-engineering.

When processes are mapped using swim lanes, you can easily see where each team needs to provide approvals. The example swim lane diagram below highlights this. These touch points are ideal for mapping the approval steps. In this particular example, there are some additional steps that are done by the Software Asset Management team to allow for purchasing and approval by specific business owners.

If you have a company standard for workflow that needs to be adhered too, employees can request applications from an enterprise app store that tracks the initial order, checks for license availability,  and passes it off to a workflow engine. Often ITSM tools, such as BMC or ServiceNow are already in place at the customer. As long as the tool offers an API anything is really possible, in these scenarios any information collected during the request process is transferred into the workflow tool.  Once approved or rejected, the request is passed back to the app store.  If approved the app store triggers deployment through the appropriate system which could be AirWatch, MobilIron, SCCM, or provision cloud applications.

In summary the power and flexibility of Flexera App Portal allows for many solutions to what may seem like difficult problems. 

Need some help reengineering your software request process?  Contact a Flexera sales engineer.

Flexera has just announced that on September 7, we signed an agreement to acquire Mountain View, CA-based BDNA.  Why is this such a great fit for Flexera? 

Software Asset Management, IT Service Management, IT Financial Management and Software Vulnerability Management solutions (and others) are essential tools to help companies solve business problems.  But it's the data used by those applications that ultimately powers the software ecosystem. We’re bringing together two leaders with a shared vision of how technology asset data can transform the entire software industry. As a result, Flexera will have the largest repository of decision-support data available to any organization running commercial and open source software, including applications powering IoT devices.   Furthermore, Flexera now has the world's largest database of security-specific data relating to software and devices.  Even if an organization has invested in a Software Asset Management (SAM), Open Source or Security application not developed by Flexera – our software and hardware asset data will dramatically increase the ROI that organizations will get from their investment.

Technology Asset Intelligence Fuels Better Decision-Making

Every day, executives rely on multiple software solutions, such as the ones listed above, to make business decisions.  But the technology asset data feeding these solutions often is incomplete and inaccurate, resulting in poor output data quality.  Also, because these software tools don’t speak a common “data language,” they’re siloed, making it difficult to share information. This impedes collaboration, sound decision-making, and ultimately it reduces the ROI companies realize from those software investments.

This software supply chain dysfunction is no longer acceptable. To succeed today, executives have to be business-ready. They have to be able to make faster business decisions wherever they are, whenever needed, leveraging any software solution they use. So, the data powering their software must be up to date, reliable, comprehensive, and speak a common language.

Flexera and BDNA understand better than anyone else the key role technology asset intelligence plays in executive decision-support. We’ve both built our businesses on a foundation of data.  We both combine broad and rich technology asset data with best-in-class automation and analytics.  We both solve the most complicated software and hardware management challenges organizations face.

The World’s Largest Technology Asset Data Platform

Flexera is an established leader in curating technology asset data.  Flexera’s Nexus data cloud and software intelligence repository sit at the heart of its data strategy.  Built and maintained by teams of expert, subject-matter researchers, it’s the industry’s most comprehensive software asset, vulnerability and open source repository – containing more than 150 million software and hardware asset data points.

Our data cloud harnesses the only software supplier/software buyer partnership in the industry. Software suppliers and Internet of Things (IoT) companies contribute asset data about their products directly to our data cloud – deepening its depth and breadth.  This data, in turn, powers our own market-leading SAM, Software Vulnerability Management and Software Composition Analysis solutions. The repository is also built on an open platform, so other solution providers and system integrators can access our data to power their own solutions.

BDNA has also built a world-class reputation in technology asset data. Their Technopedia data repository categorizes and aligns product technology information allowing organizations to speak a common language and make better decisions.  It includes more than 2 million products and 180 million data points on enterprise hardware, software, IoT, open source, product lifecycle, vulnerabilities and more.

But, simply having the largest technology asset data repository isn't enough.  Since data "atrophies” very quickly if left untouched, it's vital to develop the people, tools and methods to ensure data is kept current. BDNA has refined the processes for creating, managing and curating Technopedia at market velocities, performing over 2,500 daily updates. BDNA provides industry-leading Service Level Agreements (SLAs) to guarantee its customers have the most up to date, highest-quality data.  Together BDNA’s and Flexera's data teams are unrivalled.

By combining forces with BDNA, we will have, by far, the largest, most accurate and up to date technology asset data platform in the world. We are the ‘Rosetta Stone’ delivering a common data language capable of powering many types of enterprise applications today as well as emerging applications tomorrow.

To learn more, please visit our website.

Flexera is extremely pleased to announce today that we’ve completed the acquisition of BDNA.  We first  announced our intent to acquire BDNA on September, 12 – and the transaction has now closed.  Terms of the agreement are not being disclosed.

Another game changer for Flexera, we’ve brought together two leaders with a shared vision of how technology asset data can transform the entire software industry. Flexera now has the largest, most current and accurate repository of technology asset data available to any organization running commercial and open source software, including applications powering IoT devices.  

Over the coming weeks and months, we will discuss in greater detail how our open data platform and technology asset data will fuel the entire software supply chain ecosystem.

To learn more, please visit our website.

Software licenses and maintenance are big line items in most IT budgets.  Upwards of 30% of IT budgets are dedicated to software projects.  Software is an asset that improves productivity, builds relationships with customers, and enables companies to move faster than their competition.  Applications are downloaded and installed widely across organizations, sometime for short projects, or to solve a specific problem.  But once it has served its purpose, and is no longer needed, that software often lays idle on the device consuming a license and being covered under maintenance.  For IT organizations looking to reduce spending, this unused or under used software is an easy target and can be a source of tremendous savings.

Harvesting or reclaiming software is the act of reducing the consumption of software licenses in an organisation so that they can be reused when needed.  In this blog I review the traditional approach to re-harvesting end user software licenses, its limitations and explain how this must be automated to have the biggest impact on reducing spending.

Traditional Software Re-harvesting

The traditional approach to re-harvesting software involves four basic steps, which I’ve listed below.  This approach is often manual and might be taken in the form of a re-harvesting project, where high value applications are targeted for re-harvesting:

Step 1: Measure license consumption

There’s little point in trying to reduce license consumption without a true measure of it.  Therefore, the first step is to have an accurate software asset management inventory that tells you where the licenses are being consumed, by whom, and on what devices.   Software licensing is complex and vendors have many different ways to license it.  For end user software the most common methods are device based or user based. If it’s a device based license, it should be telling you who is the user of that device.    If it’s a user based license, on top of knowing the users it should be telling you which devices they’re using it on.

Step 2: Measure Usage

Once you know the devices and users by which the license is consumed you then need to determine which are the best candidates for re-harvesting.   First, exclude users that are actively using the software.  One of the most common approaches for doing this is to exclude cases where the software was used in the last X number of days.  90 days is a typical threshold, although you might have smaller or greater thresholds depending the application to be re-harvest.

Step 3: Refine the candidates – Ask the user

If you run an authoritarian IT department you might decide to simply uninstall applications from any devices where it’s not in active use.   The reality is that for most situations it’s best to consult the end user before uninstalling any software from their device.   The simplest way to do this would be to take the list of users that aren’t actively using the software and send them an email pointing out that they’re not using the software and asking whether they need it any longer.

Step 4: Work with deployment administrator to uninstall the software

You should now have a list of devices or users from which you want to re-harvest the software license.   At this point you need to share the list with the administrator of your software deployment system to have them configure the applications for removal.  This will take time as your administrator will have limited time and his priority is to ensure users are productive.

Step 5: Review the results

At some time later your software asset management system will report that the software license consumption has dropped and you have thus saved your organisation lots of money.

Limitations of the Traditional Approach

On face value, the manual approach, outlined above, is clear and effective and will provide some benefits.  However, where it falls down is in the effort required in collating information from users and coordinating with the software deployment teams to have the software removed.   It’s also a very task-based approach that requires an IT technician to coordinate.  Due to the manual effort involved companies may only re-harvest software on an annual basis, leaving money on the table.

This is where a standalone software asset management system reaches its limits.

To be truly effective in re-harvesting, software asset management cannot be used in isolation.   It needs to be part of a broader Software License Optimization program; one that integrates seamlessly with your software deployment systems, automates the interaction with end users and lets you define re-harvesting policies rather than perform re-harvesting tasks, and runs on a continuous basis rather than as a point in time project.

Automated Re-harvesting Campaigns

In essence, automated re-harvesting takes the key aspects of traditional re-harvesting and automates them into campaigns that run continuously.   It also shifts the methodology from one that is task-based to a policy based one.  Working together FlexNet Manager Suite and App Portal provide an automated solution.

The key features of an automated re-harvesting solution are:

• Automatically lookup devices that are consuming software licenses in your software asset management system and which are not actively being used
• Automatically notify users when they stop using the software and ask them if they still require it
• Provide a simple and easy way for users to respond. Give your users the opportunity to justify why they need the software and control whether or not their software is removed.   Ideally, it should also provide them in the future with means to reapply to have that software be reinstalled.
• Automatic uninstall – Where software is to be removed, automatically connect to your software deployment systems, initiate the removal of the software and monitor the result.
• Configure reclamation policy for each application. This includes thresholds for active usage of each application and how often you want users to be reminded.

In Summary

Software asset management systems provided the foundation for software license re-harvesting.  To get the most leverage, you should consider automated software license re-harvesting campaigns as part of your overall software license optimization program.  To learn more read these customer success stories:

• Customer Realizes Millions in Savings with App Portal. Over 10,000 installations removed, reclaiming over $4.5M USD worth of unused software licenses
• Department of Foreign Affairs, Trade & Development Canada: Over 4,000 software titles have been reclaimed, saving $1.24 Million in license costs in less   than a year.

Industry research shows that 95% of organizations use Open Source Software (OSS) in their mission critical applications. There are a number of reasons for this, including being able to develop applications faster and with higher quality. And, hey, its free, right? Last year (2016), there were 79 billion (with a ‘B’) downloads of OSS components!

At the same time, most organizations have no idea how much open source code they are actually using. In fact, the data says that organizations typically are aware of less than 10% of the open source software they are using.

For enterprises that are developing applications for internal use, OSS represents a potential security risk— there are software vulnerabilities in many OSS components. Well known OSS exploits include Heartbleed, Ghost and Shellshock. How many of those 79 billion downloads had more than 1 software vulnerability? 1 out of every 16. That’s more than 4.9 billion OSS components.

What can you do about this?

Many companies do the following to manage open source software use:

• They have an Open Source Review Board that– reviews and approves all OSS use, checks components for security risks, and creates a standard set of approved OSS components
• They have an OSS policy that they enforce
• They use tools to have an automated OSS Request / Approval process, keep a History of OSS use, and have a Repository for OSS components
• They scan their code to check for OSS and third party components, and vulnerability risk

There is also license compliance risk when using OSS, particularly for companies that are developing applications for sale or use outside of their own organization. Depending on the open source license being used for a given OSS component, there are different requirements, including, in some cases, the requirement to release your source code to the public. This is the case for the GPL v2 and GPL v3 licenses, for example.

Here is a handy field guide to OSS licensing:

We have also put together a checklist for open source software license compliance:

You can download a copy of this field guide and compliance checklist here.

To learn more about Flexera’s FlexNet Code Insight product, please visit our website.

You might also be interested in our on-demand Webinar: The State of Open Source Software (OSS): 2016 Year in Review.

Flexera’s CEO, Jim Ryan, recently presented at the Microsoft Inspire event where Flexera and Microsoft announced a new initiative to transform the software supply chain. As noted in this article on the ITAM Review website— Flexera & Microsoft join forces to crunch ELPs—

“Combining Flexera’s FlexNet Manager Suite with Microsoft’s Intelligent Asset Manager, the aim is to remove the need for expensive, disruptive [software] audits and instead allow partners and customers to focus on delivering value and business transformation.”

Following on the heels of the Microsoft Inspire announcement, Flexera is hosting a live streaming event– The Game Has Changed,  on August 17^th (10 am CT) where we will discuss why:

• Software Asset Management (SAM) can’t live in a silo anymore
• Stakeholders require easier access to more complete data than ever before
• More collaboration is required than ever before
• Software vendors need to step up and support the SAM process
• The entire IT ecosystem must be more tightly connected

Duncan Jones, Vice President and Principal Analyst at Forrester, will be one of our special guest speakers. Duncan serves Sourcing and Vendor Management professionals.

Register here to join our live event.

Our goal is to create a software supply chain that is efficient and transparent. This takes wasted expense and risk out of the supply chain for you, the software buyer.

One of the primary goals of the transformed software supply chain is to move away from the focus on software license compliance and focus more on delivering cost savings and business value. Two thirds of businesses get audited at least once every year by software vendors (or their 3^rd party delegates). And, audits are typically very time consuming—hundreds, if not thousands, of staff hours can be spent preparing for an audit. Let’s eliminate that!

In addition, Software Asset Management is becoming more important to C-level executives and others across the business. As a result, SAM data needs to be more accessible to all of these stakeholders.

The themes in this event tie into the exciting new capabilities in the next release of FlexNet Manager Suite, coming on August 9^th, 2017. Our new Insights Data Analytics dashboard gives each of your users their own view of your hardware and software asset data. It’s extremely configurable to enable them to adjust their view to see exactly what they need to better perform their work.

Cloud and SaaS are key areas of focus for SAM going forward. During the event, you’ll also hear about new capabilities for managing SaaS applications. With the rapid adoption of cloud services you need the ability to control costs and get more value from these services. Attend the event to learn more!

Hear more about how IT Operations, Finance, Procurement and IT Security can collaborate to improve software governance, optimize costs for software and cloud services and mitigate IT security and license compliance risk.

Register for The Game Has Changed

Flexera is reimagining the way that software is Bought, Sold, Managed and Secured.

How many applications are in your enterprise? Which of these applications are still supported by the vendor, and which are no longer supported? More importantly, are you paying maintenance for every application, even those that are “end of life?”

Understanding your software’s “Service Life,” the product’s total release lifecycle is an important part of your Software Asset Management program. Service Life policies vary considerably by vendor and product. Many software vendors reduce support over a period of time with several intermediate steps – such as limited and extended support – before reaching End of Life status. For example, here is a typical software release lifecycle that illustrates the Service Life of a software product:

For all software that has passed its final support date as represented in the End of Life “red zone,” the software vendors:

• No longer consider enhancements or upgrades
• Do not provide security or functional patches
• No longer provide technical support

So why should you care?

Using unsupported software exposes your company to significant risks and challenges:

• Unsupported applications pose a security risk since they are no longer being patched
• End of Life applications can be costly as organizations may be paying maintenance for software that is no longer being upgraded or supported by the vendor
• Older versions may not have an upgrade path for improvements and bug fixes
• Software that is no longer supported may cause compatibility issues that inhibit migration to newer operating systems and platforms

If you want to learn more about Service Life, what it is, why it’s important, and the impact to your organization, be sure to join Flexera in the webinar “What is Service Life and Why Should You Care?”

In this session, you will learn:

• What are the key Service Life dates and why are they important?
• Why it’s difficult to track Service Life dates manually
• How not knowing key Service Life dates can cost you a lot of money and increase your security risk
• The benefits of taking a proactive approach toward software Service Life

Be sure to join us on the following dates and times:

• August 30 – 10:00 am (US Central Time)
• August 31 – 2:00 pm (Australia)
• August 31 – 10:00 am (United Kingdom)

Register Here

And if you cannot join us on one of the dates above, register for the on-demand webinar recording.

In my last post, we looked at SQL Server at a high level, discussing the various editions and licensing models available with each. In this post, we are going to delve a little deeper into some of the use cases and areas to be aware of.

The environment where SQL Server resides

Understanding the environment where the SQL Server resides is very important as this can determine whether production or non-production licenses can be utilised. In a scenario where SQL Server is installed in a non-production environment, alternative user based licenses can be used in lieu of production licenses. These alternate user based licenses include:

• SQL Server Developer[1]
• Visual Studio / MSDN subscription[2]

The below example (Figure 1) demonstrates a number of SQL Servers (both Standard and Enterprise) in a non-production environment. By utilising the product terms of SQL Server Developer or a Visual Studio / MSDN subscription, an organisation would be required to ensure that only licenses are assigned to the Developers accessing this environment (both internal and external users), not the SQL Servers themselves. To license this scenario effectively, this would therefore require either of the following, or a hybrid of both:

• (x4) SQL Server Developer Licenses (free download); or
• (x4) Visual Studio / MSDN subscriptions

Figure 1- SQL Server in a Non-production Environment

The main benefits of utilising these user based licenses in non-production environments include:

• Licensed users can access and provision an unlimited number non-production systems
• Reduced licensing costs
• Optimised SQL Server license management via use of applicable product use rights (aka Product Terms)

The role of the SQL Server and User or Device access

Identifying and understanding the role of the server where a SQL database (or components such as SQL Reporting Services) are installed is paramount. The ability to understand the role, and by extension the end user or device access is key to identifying which edition of SQL is best for the given purpose. This will assist in determining which license model is best suited to provide the following:

• Software license compliance
• Commercial optimisation
• Scalability for a changing IT environment

Some common access scenarios include the following:

Example 1 – Multiplexing

Multiplexing is the indirect access to a system via other systems. In the below example (Figure 2), users and devices are accessing the SQL Server indirectly. There are a couple of approaches that can be taken towards licensing SQL Server in this scenario. These include:

1. The user and device access is comprised of external users, i.e. not employees of the organisation. In this scenario, it is unlikely that the access can be quantified so the number of SQL Server CALs required (User or Device) cannot be determined. The recommended licensing approach here would be to adopt the SQL Server Core based model.
2. The user and device access is comprised of internal users, i.e. employees of the organisation. In this scenario, the number of devices and users is easier to ascertain and cost based analysis can be conducted to determine whether the Server and CAL model is best, or whether to opt for the Core based model (refer to Figure 5 for an example of a cost based analysis approach).

Figure 2 – Multiplexing example

Example 2 – SQL Server embedded with 3^rd party applications

SQL Server can sometimes be embedded into a 3^rd party application by an Independent Software Vendor (ISV). This is known as a Runtime license and is to be used exclusively with the ISV’s application. The SQL Server instance cannot be used in conjunction with other applications or databases. The below example (Figure 3) demonstrates users accessing the application which has an embedded SQL database. No additional SQL Server licensing is required however as the cost of the SQL Server Runtime license is included in the cost of the application from the ISV.

Figure 3 – 3rd Party Application with SQL Server example

Example 3 – Intranets

An intranet is a restricted internal network used by organisations to communicate information, and sometimes services, to employees. As demonstrated in the below example (Figure 4), SQL Server is often used as the underlying database technology to store this information. The ability to quantify the level and type of access to this SQL technology will have a definitive bearing on the licensing model selected, and is often commercially driven.

Figure 4 – Intranets utilising SQL technology

It is recommended that a cost based analysis be conducted to assess the various licensing models considering factors such as organisation size, projected growth and scalability of the current configuration. The analysis may look like the following:

Figure 5 – Cost based analysis flowchart

Next time

As I have touched on in this series of posts, the multiple licensing models available for SQL Server can create doubt and confusion, but if understood and leveraged correctly, the cost optimisation opportunities can be substantial. You just need to know what to look for, questions to ask and understand your IT environment.

In my next post, I will focus on topics such as Software Assurance Benefits and SQL Server, SQL Server components and take a more detailed look at other licensing scenarios.

To learn more about Flexera’s Software Asset Management solution for Microsoft, please visit our website. Also see Flexera at Microsoft Ignite, Sept 25 to 29, 2017, in Orlando, FL.

Footnotes:

[1] SQL Server Developer 2016 is a free download and can be accessed here.

[2] Visual Studio / MSDN subscriptions are available in two editions (Enterprise and Professional). Both editions provide support for SQL Server deployment on non-production systems. It is important to highlight that these subscriptions are allocated to specific users and cannot be shared amongst development team members. Further information can be located here.

If you are heading to the Gartner IT Financial, Procurement & Asset Management Summit, next week in Nashville TN, at the Gaylord Opryland (September 11 – 13^th), stop by the Flexera booth– #109. The theme of conference is— The Juggling Act: Balancing Cost, Risk & Speed. We’ll be there to discuss ways we can help you with that juggling act. By reducing software and cloud services costs, mitigating software license compliance and security risk, and getting faster ROI.

We’re pleased to also be participating in several speaking sessions during the conference:

Monday, 11 Sep 2017 @1:30pm: Theater Session with SoftwareONE:

Innovation of SAM: Past, Present, and Future
The speakers for this session will be Kevin Hooton, North America SAM Practice Lead for SoftwareONE, and Mark Buckentin, North America Alliance Lead for Flexera. Kevin and Mark will discuss how the two companies are working together to deliver a more simplified Software Asset Management (SAM) Process. They’ll also talk about innovative SAM approaches that accelerate business value.

Tuesday, 12 Sep 2017 @3:15pm: Flexera’s Solution Provider Session with Southern California Edison:

Southern California Edison – On the Road to Software License Optimization with Flexera
In this session, Chris Lecosia, Software Asset Manager at Southern California Edison, will share insights gained from their Software Asset Management program. Hear about their business challenges, why they selected Flexera’s FlexNet Manager Suite, and the business benefits they’re seeing. This includes significant ROI on their SAP licensing, which they’ve been managing with Flexera’s SAP solution for several years. Going forward, they are getting their arms around other key vendors including Microsoft, IBM and Oracle.

Wednesday, 13 Sep 2017 @9:30am: SoftwareONE’s Solution Provider Session:

SoftwareONE: Innovative SAM Approaches to Accelerating Business Value
The speakers for this session will again be Kevin Hooton, North America SAM Practice Lead for SoftwareONE, and Mark Buckentin, North America Alliance Lead for Flexera.

I look forward to seeing you at the conference!

To learn more about Flexera, please visit our website.

Also check out our upcoming webinar:

Preparing for MAD – Mergers, Acquisitions and Divestitures—13 and 14 Sep

And our recently broadcast webinar, now available on-demand:

What is Software Service Life and Why Should You Care?

Are your software request processes complex or engrained with other business systems?

The benefits of empowering end users to self-serve software is a motivating prospect for many organisations.  It eases the burden on administrators and improves governance.

Implementing a smooth self-service experience for users can be a daunting task.  What appears to be a straightforward request to employees, may be routed through many different systems and manual processes before it’s finally installed on their device.

When dealing with long drawn out request processes there are several possibilities for improvement:

• Simplification: Review and adjust processes to remove unnecessary steps.
• Automation: Use automation to drive the requests to the appropriate teams to carry out the work, before approving the request to allow progress to the next step.
• Know your systems and capacity: What systems will handle the initial request, the approvals, and the delivery of the software? Is there a company standard for workflow processing or an IT system of record?

The first step is to document your processes.  A paper representation may be time consuming, but it provides an ideal view of the complexity of the processes.

Re-engineering existing processes with an aim of simplification may seem like a tempting approach.  This may not be possible due to the increasing need for security, compatibility, and licensing approvals.  These diverse team responsibilities and the complexity of today’s devices must also be taken into account when re-engineering.

When processes are mapped using swim lanes, you can easily see where each team needs to provide approvals. The example swim lane diagram below highlights this. These touch points are ideal for mapping the approval steps. In this particular example, there are some additional steps that are done by the Software Asset Management team to allow for purchasing and approval by specific business owners.

If you have a company standard for workflow that needs to be adhered too, employees can request applications from an enterprise app store that tracks the initial order, checks for license availability,  and passes it off to a workflow engine. Often ITSM tools, such as BMC or ServiceNow are already in place at the customer. As long as the tool offers an API anything is really possible, in these scenarios any information collected during the request process is transferred into the workflow tool.  Once approved or rejected, the request is passed back to the app store.  If approved the app store triggers deployment through the appropriate system which could be AirWatch, MobilIron, SCCM, or provision cloud applications.

In summary the power and flexibility of Flexera App Portal allows for many solutions to what may seem like difficult problems.

Need some help reengineering your software request process?  Contact a Flexera sales engineer.

Flexera has just announced that on September 7, we signed an agreement to acquire Mountain View, CA-based BDNA.  Why is this such a great fit for Flexera?

Software Asset Management, IT Service Management, IT Financial Management and Software Vulnerability Management solutions (and others) are essential tools to help companies solve business problems.  But it’s the data used by those applications that ultimately powers the software ecosystem. We’re bringing together two leaders with a shared vision of how technology asset data can transform the entire software industry. As a result, Flexera will have the largest repository of decision-support data available to any organization running commercial and open source software, including applications powering IoT devices.   Furthermore, Flexera now has the world’s largest database of security-specific data relating to software and devices.  Even if an organization has invested in a Software Asset Management (SAM), Open Source or Security application not developed by Flexera – our software and hardware asset data will dramatically increase the ROI that organizations will get from their investment.

Technology Asset Intelligence Fuels Better Decision-Making

Every day, executives rely on multiple software solutions, such as the ones listed above, to make business decisions.  But the technology asset data feeding these solutions often is incomplete and inaccurate, resulting in poor output data quality.  Also, because these software tools don’t speak a common “data language,” they’re siloed, making it difficult to share information. This impedes collaboration, sound decision-making, and ultimately it reduces the ROI companies realize from those software investments.

This software supply chain dysfunction is no longer acceptable. To succeed today, executives have to be business-ready. They have to be able to make faster business decisions wherever they are, whenever needed, leveraging any software solution they use. So, the data powering their software must be up to date, reliable, comprehensive, and speak a common language.

Flexera and BDNA understand better than anyone else the key role technology asset intelligence plays in executive decision-support. We’ve both built our businesses on a foundation of data.  We both combine broad and rich technology asset data with best-in-class automation and analytics.  We both solve the most complicated software and hardware management challenges organizations face.

The World’s Largest Technology Asset Data Platform

Flexera is an established leader in curating technology asset data.  Flexera’s Nexus data cloud and software intelligence repository sit at the heart of its data strategy.  Built and maintained by teams of expert, subject-matter researchers, it’s the industry’s most comprehensive software asset, vulnerability and open source repository – containing more than 150 million software and hardware asset data points.

Our data cloud harnesses the only software supplier/software buyer partnership in the industry. Software suppliers and Internet of Things (IoT) companies contribute asset data about their products directly to our data cloud – deepening its depth and breadth.  This data, in turn, powers our own market-leading SAM, Software Vulnerability Management and Software Composition Analysis solutions. The repository is also built on an open platform, so other solution providers and system integrators can access our data to power their own solutions.

BDNA has also built a world-class reputation in technology asset data. Their Technopedia data repository categorizes and aligns product technology information allowing organizations to speak a common language and make better decisions.  It includes more than 2 million products and 180 million data points on enterprise hardware, software, IoT, open source, product lifecycle, vulnerabilities and more.

But, simply having the largest technology asset data repository isn’t enough.  Since data “atrophies” very quickly if left untouched, it’s vital to develop the people, tools and methods to ensure data is kept current. BDNA has refined the processes for creating, managing and curating Technopedia at market velocities, performing over 2,500 daily updates. BDNA provides industry-leading Service Level Agreements (SLAs) to guarantee its customers have the most up to date, highest-quality data.  Together BDNA’s and Flexera’s data teams are unrivalled.

By combining forces with BDNA, we will have, by far, the largest, most accurate and up to date technology asset data platform in the world. We are the ‘Rosetta Stone’ delivering a common data language capable of powering many types of enterprise applications today as well as emerging applications tomorrow.

To learn more, please visit our website.

Flexera is extremely pleased to announce today that we’ve completed the acquisition of BDNA. We first announced our intent to acquire BDNA on September, 12 – and the transaction has now closed.  Terms of the agreement are not being disclosed.

Another game changer for Flexera, we’ve brought together two leaders with a shared vision of how technology asset data can transform the entire software industry. Flexera now has the largest, most current and accurate repository of technology asset data available to any organization running commercial and open source software, including applications powering IoT devices.

Over the coming weeks and months, we will discuss in greater detail how our open data platform and technology asset data will fuel the entire software supply chain ecosystem.

To learn more, please visit our website.

You may be familiar with this phrase– “Begin with the End in Mind” if you are a reader of motivational books. This is one of the habits in “7 Habits of Highly Effective People” written by Steven Covey. I am sure you are wondering what this has to do with Software Asset Management.

I have been involved in IT Service Management (ITSM) and IT Asset Management (ITAM) for over 20 years.  I have seen more than my share of failed ITSM and Software Asset Management (SAM) system implementations and often the root cause is due to not “beginning with the end in mind”.

It starts with the overwhelming excitement of finally getting a system that is going to help the business with the ever-increasing SAM workload. Naturally, clients are anxious to get the system installed and up and running so they can start to realize value from the investment that they have made.  An aggressive timeline for implementation is set and the technical design is started. This is usually where things start to derail.

The bulk of the upfront effort is spent on the technical solution and getting the system up and running. Clients tend to lose sight of the business drivers that led to the purchase of the system in the first place.  At this point the company stands up a system with good intentions and turns the product over to the business for use. The business begins to pump data into the system so they can start using it and realizing the value of the system. When it comes time to deliver meaningful information from the system and it falls short, immediately the system is considered defective and the expected value is not realized.

By simply helping the key stakeholders to understand the importance of beginning with the end in mind, many of these pitfalls can be alleviated and proper expectations set in advance. I am suggesting that by gaining a better understanding of and alignment around the requirements, business drivers, expectations, and required outputs of the system from all of your key stakeholders, in the beginning, your SAM program will be more successful.

Starting projects with a comprehensive blueprint of what is considered a successful system implementation is one of the most important things we can do to ensure the overall success of a project and realization of the expected business value. So please, “Begin with the End in Mind.”

To learn more about Flexera’s Software and Cloud Optimization solutions, please visit our website.

Also check out our webinar: Be Connected. Be Faster. Expand Your SAM Capabilities for Better Business Insight

In this webinar you’ll learn about Flexera’s Solution Exchange, Flexera Labs and our new solution for managing your Salesforce.com subscriptions.

Dear Software Asset Manager,

Sorry to hear that you are troubled. As a fellow Software Asset Manager, I know how vexing your job can be. Vendors are adopting ever more complex software licensing terms while many of them are demanding a higher level of scrutiny on license compliance. And the move to the cloud? Don’t get me started on the challenges the cloud is creating!

So what are you doing about it?

You told me you have just deployed a best-of-breed Software Asset Management system. Good start. Now you can work on bringing some order and clarity to both your license entitlement and consumption records.

Yes, I know you’ll say that your purchasing records have been poorly maintained over time, but despite this, you believe that your predecessors have purchased sufficient license entitlements to cover your company’s software use.

My Advice? Acknowledge that there will be some gaps in your purchasing and entitlement records; they won’t all be filled. The truth of your historical entitlement is what you and your vendors agree it to be, right now. So start working with your vendors to establish baseline positions, and work on becoming software audit ready.

Here is the outline of a plan that you might try:

1. Build a schedule for preparing software license position reports:
   • Start with vendor true-ups. Mark these as your initial set of target dates for which license position reports must be available
   • Next, review all of your company’s software maintenance contracts and find out when the maintenance renewals are due. Some maintenance renewals may not co-inside with vendor true-ups, so add these dates to your schedule
   • Also consider software audit risk. What are your highest value software assets, and which do you spend most on each year? Make sure you are audit ready for these as early as possible, particularly if the vendor has an aggressive audit program
2. Three months before each schedule date, review and correct your license consumption and usage for each software title
   • Aim to “right-size” consumption. That is, ensure that your users have access to the software they need, but remove software from systems where it is not needed
   • Update installed software versions where appropriate, to ensure that used applications continue to be covered under maintenance contacts
   • Re-run your license consumption reports and continue reclaiming licenses for unused software until you are satisfied that your license consumption reflects your software use
3. Gather together you purchasing records and any other baseline entitlement records for the software titles under review
   • Tally your known software license entitlements, and determine if they cover both your current and planned usage
   • If your records for purchased entitlements are less than the maintenance renewal number, then you may decide that you want to negotiate on the basis that your records are incomplete, and that the maintenance number best reflects your current entitlement
   • If your records for purchased entitlements and your maintenance contract numbers are in close agreement, then happy days— you should have less to negotiate with your vendor
4. Finally, a month before the renewal is due, run an Effective License Position (ELP) report to summarize your best understanding of your license position
5. A couple of license compliance situations may present themselves:
   • If you are non-compliant, then at least you will know that you have done all that you can to right-size your consumption, and minimize potential audit true-up charges
   • If you are compliant and over licensed, that is, you believe that you have purchased more license entitlements than you need, you may want to consider negotiating for a lower maintenance renewal number
6. You should now be in the best place possible to begin a contract renegotiation or true-up with your vendor, and be audit ready.

Now that you have a plan, what about a checklist for getting the best value from your SAM system?

Here are some tips on what we look for in our SAM system when we prepare license position (ELP) reports:

In your SAM system:

1. Ensure that you have Purchase Order records that reflect your entitlements, and check that these entitlements are counted in the appropriate license records in the SAM repository
   • Look for unprocessed Purchase Order records, and link them to license records to ensure all of your known entitlements are being counted
2. Update, and as necessary, create license records to reflect the license entitlements granted to you under EULAs and other contract types
   • If your SAM system is capable, it should be able to recommend how to configure entitlements from its knowledge of software products, as identified by SKUs on purchase orders
     
     
3. Look for evidence of unrecognized installs for licensable software:
   • Your SAM vendor can add extra application recognition rules to your system to ensure that all application installs are recognised and counted
   • Link new application records to appropriate license records
4. Check each license for consumption, installs or usage, that should be exempted
   • Is any license consumption coming from Stand-By, or Development systems that are exempt under your software product use rights (aka Product Terms)?

What your management probably wants most from you, at least in the short term, is “no surprises.” So start working the problem as soon as possible. The above suggestions may not be a complete solution, but it might be enough to help you get started.

Hope to hear about your software asset management successes in the near future!

Regards,
Flexera

To learn more, check out our on-demand recording of our August live stream event—The Game Has Changed

Today’s concept of moving data and applications to the cloud can mean a variety of things. More often people think of Software as a Service (SaaS) solutions first, when they think of the cloud. Salesforce, WebEx, Microsoft Office 365, and other SaaS applications often come to mind. The expectation is that more companies will develop their solutions to offer their clients an application solution that is web-enabled. However, another growing trend is for companies to move on-premises applications to the cloud, utilizing compute power as a service, or Infrastructure as a Service (IaaS).

The utilization of IaaS has often been associated with engineers and testers utilizing the services to quickly “spin up” the development of new applications and test environments, without having to involve IT. However, companies are now leveraging IaaS to move their commercial applications onto IaaS cloud services provided by companies such as Amazon Web Services. According to a June article in CIO Magazine, “6 Trends Shaping IT Cloud Strategies,” as of February 2017, AWS is now operating at a greater than $14 billion run rate, with customers going all-in on the company’s cloud infrastructure services.

The growing trend has caused some new challenges for IT departments trying to manage IT assets. On-premises discovery tools often do not have the complete cloud instance specific data required. The “short-lived” application instances put on the AWS platform are difficult to track and manage. Multiple user access to the cloud infrastructure leads to more complexity and confusion on ownership. Cloud visibility of IT assets becomes a new roadblock for IT asset managers, procurement, IT service management (ITSM), security—for proactively detecting end-of-life software, and more.

Flexera introduces Flexera + BDNA Cloud Asset Insights to provide the visibility of IT assets that have been deployed to Amazon Elastic Compute Cloud (EC2). Cloud Asset Insights provides discovery and normalization for commercial software assets deployed via Amazon EC2.

Do you want to know more? Read our recent press announcement about Cloud Asset Insights.