MAy 2012 SoFtWaRE LIFECyClE MaNaGEmENt - StateTech Magazine

CDW.com/softwareguideSo, if an accounting staff has accessto the enterprise accounting systemunder a 25-seat license, members ofthat staff alone may use the software.Even on a weekend when most of thelicenses are idle, someone from thecontroller’s office cannot log on andgain access to the bookkeeping.Concurrent-user license: Theselicenses allow a specific number ofindividuals, regardless of identity, touse an application simultaneously. Ifall of the licenses happen to be in useat a given moment, no one else in theorganization can use the softwareuntil someone else logs out.Volume license agreement: This typeof license gives discounts for as few asfive licenses. For larger organizations,discounted prices often leave out mediaand documentation. Beyond that,software manufacturers typically offer awide variety of volume licensing options.For example, Microsoft has severalplans for large organizations. Customerscan purchase enterprise agreements,which include both onsite and cloudhosted licenses. Enterprise subscriptionagreements may require a lower initialoutlay, but the customer doesn’t gainperpetual use rights. Each of theseprograms is available in differentarrangements for governmental,nonprofit and educational organizations.Licensing ConsiderationsOrganizations should take thetime to plan exactly which end-userlicense agreement (EULA) works bestfor them, understanding that this willvary by application. Organizationwideutilities are probably best purchasedunder a concurrent-user setup. Forspecific professional functions, it mightbe best to go with a per-seat license,assigned to specific individuals.Most software vendors do notallow swapping users in and out ofaccess permission if the total numberof users will exceed the terms of thelicense, even though no more than themaximum number of licenses mightbe used at a given time. That is, anorganization can’t buy a 50-user, perseat license and give 74 people access.Also, the IT staff should check to seewhether a volume license agreementallows installation on computersnot belonging to the organization,such as a contractor’s device.Virtualization has brought a newwrinkle to the issue of managingsoftware. When virtualization (whichto software vendors looks like serverpartitioning) first became popular,conflicts arose over licenses becausemultiple instances of licensed copiesran simultaneously. But the industryhas since settled down. Now softwarevendors offer ways for clients to operatein virtualized environments withoutincurring exploding license fees.All of these considerations add upto the need for an organizationwideapproach to planning, acquiring andmonitoring software resources. ITgroups that have comprehensiveinformation on their inventoriesand on the contracts under whichthey are acquired will see notablebenefits such as the following: I mproved vendor relations:These improvements will bebased on trust stemming fromthe ability to prove compliancewith licensing arrangements. O perational agility: Thisbenefit stems from beingable to quickly provision newusers and accommodateemployees’ changing roles. Financial efficiency: This gain isderived from getting the most outof every software dollar. It’s easyto overbuy software and spend toomuch on unused licenses or havesuboptimal license agreements.Underbuying can, ironically, also beexpensive when an organizationbuys single or low-volume licensesad hoc because of poor planning.That drives up the price per seat. 800.800.4239CDWSoftwareLifecycleManagementCDW approaches software managementas a lifecycle. We help manage thecomplexities of software and maximizereturn on investment. As a trustedadvisor throughout the lifecycle of anorganization’s agreements, we offera variety of resources to consult andmanage your software solutions.Our lifecycle approach includesthe following: Technology validation: This includesbriefings and strategy sessions toensure the right technology meetsthe business requirements. Licensing purchase assistance: Thisincludes evaluating total spend, assets,usage and purchase history; proposingtotal cost of ownership (TCO) and ROIfriendly contracts; optimizing throughvendor and contract consolidation. Contract management: This includesensuring contract compliance fortrue ups and renewals and providingupdates on products, licensingand technology roadmaps. Deployment: This includes providingsolutions budgets, ensuring therealization of purchase valuethrough deployment, and utilizingpackaged design, planning andpilots for rapid deployment.5

chapter 2The Benefits of SAMLicense ComplianceAuditsSoftware AssetManagementPlanning and implementing strategies for softwareIT leaders looking to better managesoftware resources must considersoftware in the right context. It’shard to imagine that there was a timewhen computer manufacturers gaveaway their software to help sell theirhardware. But today, when you think ofan organization’s software expenses andcouple that with software’s importancein day-to-day operations, it becomesclear that this productivity resource is amission-critical, strategic investment.This is where software assetmanagement comes in. SAM is acombination of several things: a wayof thinking, a strategy, a processand a set of implementation tools.This chapter addresses the firsttwo, thinking and strategy.SAM is often touted as a way to managesoftware licenses so that an organizationremains in compliance with oftencomplex licensing arrangements. This istrue — but SAM is much more than that.A comprehensive software assetmanagement plan starts with thinkingabout the goals for the SAM deployment.6The first goal should be obtaining anaccurate and complete knowledgebase of all the organization’s softwareresources. That should include bothsoftware in active use and softwarethat, for a variety of reasons, theorganization owns but doesn’t use.That unused software is moreimportant than it may seem because infinding it, the enterprise is discoveringassets that cost real dollars but accrueno benefit. In fact, organizations mayexperience a valuable by-product ofsoftware discovery: It often uncoversunused or underused hardwarethat amounts to latent assetsavailable for disposal or recycling.If discovery is the first goal, thesecond goal should enumerate thebenefits that the organization expectsfrom its SAM strategy. These benefitsaffect the entire organization, notmerely the IT department. IT staffshould spell out these benefits toother departments, because a SAMdeployment is going to involve morethan just the IT department.

CDW.com/softwareguideThe Benefits of SAMSoftware asset management cansave direct software outlays. That is, itcan reduce, or at least slow, the growthin the software budget. It does this in anumber of ways including the following.Rightsizing licenses: Multiple instancesof multiseat or multiconcurrent userscan cost more than a consolidated,enterprise license when calculatedon a per-user basis. SAM reveals thisenterprise view of software and thelicense terms under which it was acquired.By the same token, a divestiture oroutsourcing of some business functionsmay leave an organization with anoversized license arrangement for someapplications. That presents anotheropportunity for savings via rightsizing.Stopping needless purchases: Often,a department or business function willpurchase a single-user license for anapplication that the IT department hasunder a multiseat or enterprise license.By comparing available licenses withusers, a SAM program can potentiallydiscover unused licenses and avoidunnecessary expenditures.Rescuing unused assets: When the ITdepartment decommissions hardware,especially end-user devices such as PCsand notebooks, related licenses mayalso go out the door. That software canbe uninstalled and kept for later use.Reducing indirect software costs:These include security and patchingdownloads, installing upgrades andconfiguration management. SAM canhelp harmonize versions across theenterprise and thereby streamlinethe software maintenance process.The knowledge leading to thesavings illustrated above also enablesmore efficient operation of the ITdepartment. Suppose an acquisitionor personnel expansion will add moreusers of a particular application than anorganization already has licenses for. Alicense analysis could present options intime for the organization to be ready. 800.800.4239Would a full enterprise license be more economicalthan expanding an existing multiuser plan? Is a serverbased, concurrent-user license the way to go? Doesone department have unused licenses that could betransferred to make up for a shortfall? Is it time to moveto software as a service (SaaS), using a cloud provider?Having knowledge of what versions of applicationsare where allows the IT department to automateroutines such as installing patches and rolling outupgrades. This frees up IT staff for higher-level activitiessuch as strategic planning and implementation.Knowledge of software assets also benefits users byensuring more timely upgrades and the added functionalitythey bring.License ComplianceAs global competition has grown increasingly intense,protection of intellectual property and prevention ofpiracy have become hot topics. Software vendors havebecome more vigilant in enforcing licensing agreements.It should be simple: Buy software and use it how you please.Unfortunately, software acquisition and use are anythingbut simple at the enterprise level. Given that softwareacquisition can be a quarter of an organization’s IT budget(when looking at direct costs), careful attention to softwarelicensing can pay big financial and operational dividends. Software License BasicsReading through the legalese of a software license contract can be a dullexperience. Digging beneath the wording, a typical contract should cover thefollowing basics: Number of concurrent licenses, andthe process (and price) for adding toor subtracting from that number Geographical limitations onusage, if any, where satelliteor foreign locations exist Whether usage is exclusive tothe organization; for example,with customized or customcoded software used in acompetitive business situation Whether usage is transferable tooutside parties, such as contractworkers or business partners Length of usage, whetherlimited or perpetual Terms of transferring usageor installations, such as fromone computer to another Terms of acceptance regardingwhether the software issuitable for the intended use Upgrade and patching terms Terms of support; for example,whether it is provided 24x7 oronly during business hours7

chapter 2Agreements are only the start of theusage relationship, though. Softwarevendors reserve the right to conductlicense audits of their customers.An audit can be disruptive and timeconsuming. That’s bad enough.But if an organization doesn’t havean accurate inventory of its softwareassets, it may unwittingly be committingsoftware piracy. Unauthorized copies,more users than permitted, evenvirtualization-related instances notbacked up by licenses — theseconditions can all result in expensivefines and a loss of negotiatingstrength with the software vendor.In a sense, deploying a softwareasset management program givesthe organization an ongoing licenseself-audit. That means when a softwarevendor notifies an organization ofan impending audit, it won’t needto perform a frantic inventoryand last-minute license check.More important, the organizationwill have confidence that its softwareusage complies with its licensingagreements. That lessens the chanceof a fine or related negative publicity.And from the software supplier’sperspective, a management programidentifies an organization that is seriousabout compliance. So a SAM programcould actually lessen the frequencyof audits and put the organization in astronger negotiating position for futureexpansion as business needs change.their lifecycles, or it could be somethinglike an operating system upgrade.Regardless, a change in enterprisesoftware is a logical opportunity todetermine what license quantities anorganization holds and what it needs. InAuditsOrganizations often start a structuredsoftware asset management planunder threat of an audit by a softwarevendor. An audit certainly providesgood motivation to have a SAMstrategy in place. But SAM is bestimplemented in stages, each stageadded as the organization gainsmaturity in using the SAM system.Still, an audit should trigger at leasta first-stage implementation of SAM.A good first step is for the enterpriseto compare its software instanceswith its license agreements.This step, when done with astandards-compliant SAM tool,provides trustworthy data that will (ineffect) certify to the auditors that theorganization is in compliance. Or it will letthe organization discover any unlicensedsoftware copies and correct them.A major software upgrade affectingthe enterprise can also trigger a SAMdeployment. This could be a hardwarereplacement as PCs come to the end ofeffect, the IT shop uses the occurrenceof the upgrade to establish a baseline. Ifthe baseline is part of a SAM deployment,it will be continuously updated.The Sarbanes–Oxley law requiresaffected companies to demonstrate theintegrity of the technology systemssupporting their financial management.So another trigger for a SAMimplementation would be anticipation of aSOX financial audit. SOX compliance is notjust a matter for the financial department.Reliable, verifiable financial data requiressystems with the same qualities. SAM canshow regulators or financial auditors that: Th e organization managesfinancial systems to minimizethe risk of data loss or corruptionfrom cybersecurity breaches. Computers are configured to preventunauthorized release of private andpersonally identifiable information. I nternal controls minimize the risksfrom insider trading, embezzlementand fraudulent financial reporting. Standards for Software ControlTwo major sets of standards cover software asset management.The International Organization for Standardization (ISO) andthe International Electrotechnical Commission (IEC) createda standard, 19770, for software asset management. As aremany standards, ISO/IEC 19770 is a work in progress.The ISO standard has three components, the third of whichis still under development. 19770-1 lets organizationsestablish a framework of best practices for SAM.Basically, 19770-1 takes industry best practices andattempts to work them into a kind of unified code.The second component, 19770-2, establishes data standardsfor tagging software by SAM tools. The third data standard,covering the entitlement elements in software licenses,is still under committee work. It will be titled 19770-3.8The second set of standards, included in the IT InfrastructureLibrary (ITIL), take a slightly different approach. ITILplaces software under a superset of what it callsservice assets. The term refers to any financial asset,including those that comprise the IT infrastructure.An effort called ISO/IEC 20000 seeks to harmonizethe standards of the two groups. Understandingand tracking the standards and their ongoingdevelopment is a discipline unto itself.As a practical matter, IT managers should look for softwareasset management tools that incorporate the best practices asdefined by the standards bodies. They signal an organization’sseriousness of intent toward good software management.

chapter 3Acquisition PolicyThe SAM CycleThe Software AssetManagement CycleInitiating a continuous management processMaintaining control over softwareassets requires a continuous processin order for software licensesand usage to stay in sync within adynamic organization. People andcomputers come and go, patchesand upgrades arrive, business andoperational requirements change.Sound advice from the BusinessSoftware Alliance and other expertscoalesces around three critical steps:1. K now, or find out, what softwarethe organization has.2. Compare the organization’sneeds with what its licenseagreements provide.3. Adjust inventory, policies andmanagement approaches tokeep requirements, licensing andsoftware instances aligned.Broken down in that manner, managingsoftware seems simple. But evenbefore an enterprise begins a softwareasset management program and buysa tool to carry out SAM, it should havesome preliminary steps in place.Acquisition PolicyA software acquisition policy can help manage softwareeven if the enterprise never embarks on a formal SAMprogram. Such a policy should include the following elements.Clear guidelines for who is authorized to acquire software:Best practices dictate that any strategic investment, includingsoftware, should be handled in a centralized manner.An exclusive list of allowed software: If it’s not on the list,it isn’t allowed, except perhaps by written authorization.Applications for exceptions should be in writing.The allowed list should be accompanied by a blacklist ofspecifically disallowed software, principally peer-to-peerfile-sharing programs. P2P software exposes the enterpriseto two dangers: illegal copying and the importation of malware.A prohibition on user-installed software: The networkadministration can enforce this rule centrally, so that onlysomeone logged on as an administrator can download, alteror copy software.Some organizations establish a policy board that mayconsist of representatives from the IT team, purchasing andaccounting. Responsibility for software asset managementshould reside with one person. That individual becomes theperson responsible for conducting the SAM cycle, maintainingthe records and answering questions about the program.9

chapter 3LeadingSAM ApplicationsSAM applications range from single-brand license compliance tools to fullfledged management suites that let the IT department track hardware andsoftware. ITIL standards recommend integration of software services withhardware as a best practice.Most vendors provide free, downloadable trial versions of their SAM tools.Vendors continue to emphasize tools to ease the migration of users fromWindows XP or Vista to Windows 7.Given the growth of Apple OS X by users in large enterprises, most of the suitesnow track these assets. Here are examples of some of the more robust SAMtools available.CDW Software License Manager: This is offered free to customers and showswhat licenses are about to expire. It provides a complete, detailed purchasehistory, including the types of licenses purchased (for instance, single-boxor enterprise).CDW’s Software Asset Manager: This solution is available for purchase and it addsfunctionality to the free license manager. It gives information on an organization’sentire software landscape, licensed and unlicensed, including software thatthe organization may be entitled to but is not using. It also tracks hardware.LANDesk Software Management Suite: This is a toolset composed of softwaredistribution, license monitoring and hardware power management resources.LANDesk Software has updated the suite to optimize it for management ofmobile devices, including the software licenses that might be on them.Microsoft System Center Suite: This offering provides asset lifecyclemanagement capabilities, visibility into existing software assets, and integratedphysical and virtual server management and monitoring among itsnumerous capabilities.Microsoft’s Asset Inventory Service (AIS): This tool provides a comprehensiveview into software assets deployed on desktops across an organization, scanningthis inventory and translating the collected data into actionable information.Microsoft Windows Intune: This cloud service is a single, easy-to-deploysolution for PC management and security. It provides updated managementand asset inventory within a unified experience. This solution also includesupgrade rights to Windows 7 Enterprise and future versions of Windows.Novell ZENworks 11: This is a four-component suite of tools for managing assets,configuration, endpoint security and patches. The asset management tool trackslicenses plus details of usage, even for multiple application users on a singlemachine. It features “connectors” to resellers from whom the organization mayhave acquired software, and normalizes license data from multiple sources.Symantec’s Altiris Asset Management Suite: This solution approachessoftware asset management from a lifecycle and configurationmanagement perspective. Recent versions have improved search toolsand an ITIL-compliant configuration management database that lets anorganization model the financial impact of changes to products tracked.10The SAM CycleThe software asset managementcycle can be broken down into threeprimary steps. This cycle addresses thekey steps needed to effectively managean organization’s software resources.Once implemented, it can be repeated andfollowed through on an ongoing basis.SAM Cycle Step 1: Review. A baselineinventory of software will enable theIT staff to later craft a migration pathtoward sound software management.Many organizations are often shockedby the number of out-of-date, unlicensedand unauthorized applications foundon their networks. This often variesfrom department to department.For example, a creative group is morelikely to have third-party add-ons orplug-ins to the tools they use, such theAdobe suite. Engineering teams are alsofertile ground for highly specific butunsupported application

track of. A software asset management plan should therefore integrate software procurement with software resource management processes and tools. But before the IT shop applies tools for software asset management, the enterprise must establish goals and policies to ensure that those goals are met. Software asset management becomes an easier