Executive Summary: Software asset management (SAM) tools are coming of age, as businesses seek to avoid licensing audits and better manage hardware and software purchases and usage in their organizations. A number of SAM solutions are available, including full-spectrum products that perform software and hardware discovery and usage metering and build a licensing repository. Increasingly, SAM vendors are working to integrate their products into configuration management databases (CMDBs), so that the SAM products can be part of broader management solutions, such as network management. |
Many IT managers would fail tests on knowing what software assets are on their systems, how many copies are installed, and what their license requirements are. Often, internal audits or receipt of a dreaded Business Software Alliance (BSA) or Microsoft auditing letter will reveal many more unlicensed programs on the organization’s PCs, servers, mobile assets, or other devices than the IT department was aware of. Proactive software asset management (SAM)—an organized process for tracking and managing licenses and software usage in an organization— offers a way to avoid unpleasant auditing surprises. To better understand how a SAM strategy might benefit your organization, it’s helpful to know the components of SAM—particularly its usefulness in license management, get acquainted with SAM products that can help you manage software and other IT assets, and become familiar with SAM trends, such as the use of configuration management databases (CMDBs) in SAM implementations.
SAM and Licensing Compliance
SAM encompasses a number of components, technologies,
departments, and processes to manage an organization’s
software assets, including
- procurement and licensing
- deployment and patching
- discovery, metering, and license management
A SAM strategy could include the use of asset-discovery tools, application metering, and license repositories, all of which can help you get a grip on what’s in your software library and determine whether you’re in compliance with licensing requirements.
The license-compliance aspect of SAM involves different departments, including purchasing, accounting, and IT. These departments often use dissimilar processes and programs to track assets, contracts, and licenses. Getting all concerned parties to use a consistent set of license management procedures might be the biggest hurdle to an effective SAM plan. Contracts and licenses could still be on paper and not entered in an electronic repository. Accurate procurement records might be stashed in a filing cabinet in the basement in no particular order. Assets may have succumbed to “PC drift” (i.e., the undocumented movement of PCs from one area or user to another) and could be impossible to track down.
The SAM standards issue is garnering so much interest that the ISO and International Electrotechnical Commission (IEC) developed ISO/IEC 19770-1:2006, a standard that organizations can use to plan and implement SAM. (You can download a copy of the standard, for a fee, at www.iso.org/iso/catalogue_detail?csnumber=33908.)
SAM for Audit Preparation
The importance of having a SAM strategy in your organization
becomes evident when you face the prospect
of an audit. Say you receive a letter from an industry
association or software publisher notifying you of a
vendor audit, generally within 14 to 60 days of the letter
date. The auditor will bring a software asset-discovery
tool and search your network devices, PCs, and mobile
devices for applications. Then the auditor will ask you
to provide proof of licensing compliance for all software
assets. Gulp! Time to cram. If you’ve been notified about
an audit and are scrambling to prepare for it, here’s what
you need to do:
- Use a discovery tool to find all your software assets on PCs, servers, other network devices, and mobile devices.
- Meter usage of the assets to determine how each is used and how often.
- Build your license repository to compare it with your assets for compliance.
The best way to complete all these steps is to get a SAM solution that will automatically plug into your network, find the assets, meter usage, and compare the license repository with the asset information. Alternatively, you could opt for a tool that performs a particular SAM task (e.g., creating an inventory of assets).
SAM Products
Ideally, you’ll be looking for a
SAM product well before you
receive any type of compliance
request. Then you can set up a
SAM lifecycle solution that will
not only make sure you’re prepared
when the auditor walks
in the door but also help you get a handle on your software assets for
better organization, budgeting, and legal
compliance. The following partial list of SAM
products can give you an idea of the types of
features such solutions provide. (Also see the
sidebar “Guidelines for Evaluating SAM Solutions,”
page 25, for a list of questions to ask
SAM vendors when you’re looking at products,
and the Web-exclusive sidebar “SAM
Vendors and Resources,” www.windowsitpro.com, InstantDoc ID 98247, for contact information
for the SAM resources mentioned in
this article.)
CA Unicenter Asset Portfolio Management
This comprehensive asset management
solution aims to facilitate the collection and
sharing of information among IT, accounting,
and purchasing to give you a clear picture of
your organization’s software assets, including
licensing. IT might have a firm grasp of
its network and software assets, but without
licensing information, a compliance assessment
is worthless. If you add purchasing and
deployment to the mix to determine whether
too many or too few licenses are procured
and how the assets are deployed, gaining a
comprehensive understanding of the entire
process could be a nightmare. Asset Portfolio
Management not only can give IT administrators
and business managers the full view
of IT assets and license compliance, it might
also unearth options for better procurement
and deployment efficiencies, cost management,
and streamlined processes.
HP OpenView AssetCenter
This solution
is designed to manage your IT asset management
lifecycle from procurement to management
and retirement. AssetCenter lets you
compare business goals and the software
tools necessary to accomplish those goals
with what’s in your software asset library.
This comparison capability could save you
from having to buy additional products and
licenses if you already have the assets on
hand. Then you’ll need to monitor changes in
the IT infrastructure so that assets aren’t lost
when new employees are assigned new assets
or existing assets are reassigned. AssetCenter
consolidates IT asset information in a CMDB
repository, including user information (more
about CMDBs a little later). It also includes a
license repository for ongoing monitoring of
asset procurement and usage.
LANDesk Management Suite
LANDesk’s asset lifecycle solution provides discovery,
metering, and license-compliance features. The LANDesk Management Suite also lets
administrators set policies to stop use of
unauthorized or unlicensed software. An IT
admin can set policies for unauthorized programs
or types of programs, such as games
and audio and video players. AssetCenter’s
remote control module lets administrators
delete unauthorized programs from users’
computers, even if the users are off the LAN
and working remotely.
Absolute Software’s Computrace
Computrace is geared toward organizations whose
asset management concerns are mainly about
security or PC drift. Since most discovery tools
provide only an asset snapshot, assets that
move around might easily get lost. Computrace
enables asset tracking, policy setting,
and remote control, but its differentiator is the
client agent. The agent proactively reports to a monitoring center the asset’s MAC address,
any configuration changes made to the asset,
and policy violations. Computrace also
includes a LoJack for Laptops option, a theftprotection
service that tracks, locates, and
recovers stolen computers. Computrace can
be embedded in a computer’s BIOS firmware
at the OEM factory or installed on a computer’s
hard drive. When embedded in the
BIOS, Computrace will survive OS reinstallation,
hard-drive reformatting, and even harddrive
replacement. Computrace is supported
on 32-bit versions of Windows Server 2003,
Windows XP, and Windows 2000 and 32-bit
and 64-bit versions of Windows Vista as well
as on Mac OS X.
Continued on page 2
AppSense Terminal Server License Management
This product, a component
of AppSense Management Suite (you can
buy it separately from other products in the
suite), offers policy enforcement and application
restrictions for application-delivery
infrastructures that are based on Windows
2003 Terminal Services or Citrix Systems
products. Since Microsoft’s Terminal Services
licensing is frequently based on potential
application users rather than actual or
concurrent users, proactively restricting
application access can greatly decrease the number of licenses an organization
must acquire. AppSense’s kernel-level filter
driver intercepts all file-execution requests
to determine whether they’re authorized. If
not, the user gets a denial message.
Microsoft System Center Configuration Manager 2007
Asset intelligence, a feature
of Configuration Manager 2007 that’s
been around since Systems Management
Server 2003 SP3, provides a variety of reports
in the areas of license management, software
metering and inventory, and hardware
inventory. These reports, which draw from
the inventory and application-usage data
that Configuration Manager collects, can
give IT an accurate picture of hardware
and software usage in an organization. For
example, the license management client
agent reports provide information about licenses in use and time until expiration; the
software agent collects information about
software titles installed on IT assets. The
license management reports are formatted
similar to a Microsoft License Statement
for easy comparisons. By comparing the
software asset intelligence reports with the
license management reports, you can determine
whether you’re complying with your
Microsoft application licenses.
By default, asset intelligence isn’t enabled in Configuration Manager. To gather software asset information, you must enable the hardware inventory client agent and the applicable classes in the sms_def.mof file. Microsoft provides direction for configuring asset intelligence data collection and all the classes that must be enabled at technet.microsoft.com/en-us/library/bb694072.aspx. A number of software reports also rely on the software metering client agent for data. Instructions for configuring software inventory for a site are at technet.microsoft.com/en-us/library/bb633191.aspx.
SAM Trends: Integration and CMDBs
The integration of SAM products into larger,
more inclusive network management solutions is the next market step. The ability
to use the data from the discovery tool and
license management repository as part of a
larger CMDB operation is what vendors are
striving for in the near future.
For example, Numara Software is integrating its SAM product Track-It! with its Foot- Prints service desk solution to provide more IT services in one package. The Numara Track-It! asset management and Help desk solution combines the discovery, metering, and license repository of a SAM system and a full Help desk solution. Track-It! also has modules for software deployment, patch management, administration remote control, and network monitoring. When the product’s discovery, metering, and license-compliance tools complete their tasks, Track-It! creates a Help desk ticket to make sure the information gets to staff whose job it is to resolve compliance issues. For example, the Track- It! discovery and license-compliance tools might find that a company has 125 Microsoft Office 2007 installations, but its license allows only 100 installations. Track-It! will create a Help desk ticket to assign someone to determine whether all 125 installations are necessary and the Office 2007 license must be upgraded, or whether the Office 2007 instances can be uninstalled to comply with the current license.
Other integrated solutions, such as CA Unicenter Asset Portfolio Management, HP OpenView AssetCenter, and LANDesk Management Suite, are also moving toward incorporating CMDBs in their products. A CMDB—basically a single-source-ofrecord for everything related to IT—contains information about an organization’s IT assets, including hardware, software, and employees, and their relationships with one another. A CMDB is required if your organization is adopting the best practices of an IT Infrastructure Library (ITIL) and also is a key element in IT Service Management (ITSM: the relationship between enterprise IT infrastructure and the organization’s business goals). SAM is one component of the CMDB.
Having a complete CMDB can benefit an IT department by giving you better knowledge
- for budgeting and purchasing. The CMDB is a central repository with knowledge of every configuration item, its use, its compliance with license limitations and requirements, and how each asset is related and affected by every other asset. Once you understand what applications and assets are frequently used, and which are not, you can better support budget and procurement requests.
- giving you more control over IT assets. When you have a central repository of IT information, you can monitor all your hardware and software assets and be notified of any configuration changes or software installations. With that information and information about how those changes might affect other enterprise IT components, you’ll have more control over your IT infrastructure.
- helping you respond to events that cause loss of productivity and downtime. Using the CMDB, you can trace how and when an event occurred and what processes it affected, which can help you identify and resolve the problem.
Implementing a CMDB
Organizing and collecting all the data necessary
for a successful CMDB is the formidable
barrier to its widespread adoption. IT will
need to obtain the cooperation of departments
such as purchasing and HR to integrate
purchasing data with the automated
asset-discovery tool and license repository.
Other impediments include the problems
that come with a single-point-of-entry database
approach and the ability to host such a
large repository in one location. The idea of
a federated database is gaining acceptance
in the ITIL community. The CMDB would
store a limited amount of data on each configuration
item, then link to other locations—
known as CDMB extended data sites—with
expanded knowledge of the requested item.
This approach would meet the goal of establishing
a single point of reference for IT
knowledge, but reduce the CMDB’s size.
Implementing a CMDB is a long-term process. You may have to change many processes and win over staunch detractors. Then there are the financial and time commitments that implementing a CMDB will require. Here are some of the steps you’ll have to take during the process:
- Educate your employees about CMDB benefits. To successfully establish a CMDB, you’ll have to have enough support to get every department on board.
- Determine how IT can support your business goals.
- Establish what data the CMDB requires and where it currently resides. Interdepartmental cooperation will be essential.
- Use an automated discovery tool to find out what assets you have. The database is only as good as its data.
- Integrate data from disparate applications and departments, such as licensing information and requirements, purchasing processes, and asset retirement procedures.
- Diagram the relationships between configuration items. This is crucial and possibly the most important step to developing a successful CMDB.
- Establish the CMDB administrative processes. Decide who has access and how information is to be updated.
Better Information About
IT Assets
If you’re seriously considering implementing
a SAM solution, keep in mind that it will
likely be part of a CMDB. Therefore, you’ll
need to determine which departments must
be involved in preparing for the SAM and
CMDB and start getting key people on
board. You’ll also need figure out how to
integrate disparate departmental operations
programs and databases and initiate the
process of integrating their data. As you’ve
probably gathered by now, putting a SAM
in place involves some significant effort,
but the ROI will come in increased network
efficiencies, time and money savings, and
perhaps most important, peace of mind in
knowing that your organization is complying
with licensing agreements.