By Alex Geuken. April 14, 2020.
It all starts with inventory and normalization. “Software Asset Management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization.”
How do you manage applications you can’t find? SAM always starts with data discovery of installed applications and normalization. Without this it doesn’t matter how many, or how good your processes are, you will still be either over-licensed or incompliant. It’s like trying to find a needle in a haystack – blindfolded.
Software Normalization is a process of finding the needle in a haystack, one installed application generates hundreds to thousands of lines of raw data. The first step is to gather all the raw data and separate the lines that are unique. For example, consider Microsoft, which comes in versions, editions and suites – such as Office 2019 Standard, Office 2019 Professional Plus, Office 365 ProPlus, Office 365 E3, 365 E3 and so on. Furthermore, you have all the components of the suite(s) such as Excel, Word, PowerPoint, Access, InfoPath, OneNote, Publisher, Sway, Teams, OneDrive and Outlook.
We talk about this in terms of Known Unknowns and Unknown Unknowns. With a Known Unknown, you know you are incompliant with Adobe, but you just don’t know how much. With an Unknown Unknown, you receive an audit letter for a vendor and application you didn’t even know you had. If the application is not normalized/recognized you would never have detected it, optimized the spend, or checked its compliance.
The reason why Xensam uses its own agent is that we can trust the data, where we collect enough raw data and actual usage, making the normalization process of applications, versions, editions and suites easy and more trustworthy. If you are thinking of using existing inventory sources for software normalization, you will invariably fail. Microsoft SCCM and many other discovery agents are not built for software normalization as they only collect parts of the raw data you need for software normalization, which is not enough. For example, you can normalization the application, but you don’t know if it is a free version or if it requires a license. It can be expensive if you don’t know if you are running SQL Express or Enterprise or even if you’re running a free version of Java or if you are running an update that requires a license. Secondly, with third party discovery sources, you don’t get usage. Now, you may say that SCCM provides usage, but NO: it only shows how much the application has been running in the background, how much it’s been open, and not how much it’s been actively used. E.g. Outlook – it’s the first thing you open when you start your day and the last thing to close. Have you worked for 8 continuous hours in Outlook that day? This is not trustworthy data: Xensam provides both Total Usage and Active Usage, so you can see both.
We recommend choosing a SAM tool that is built for software asset management and software normalization, which comes with a purpose-built agent. The agent is lightweight, reports data using only https, doesn’t require reboot after installation and you get a prebuilt MSI package that can be distributed via deployment tools or GPO in AD. Implementation takes usually less than 5 days for a medium size company.
How good is your control over your software environment? Do you know how many vendors, application variations or applications that require a license? Which suites and applications have reached EOL in your environment? What is your installed reality? This will be a nasty surprise the day you get an audit if you don’t have control of it. What you think you have or estimate that you have is not something you want to find out during an audit. “I didn’t think we had any Oracle DBs here…” or “we shouldn’t have any SQL Enterprise installed in this cluster”.
With Xensam, you will have all applications normalized out-of-the-box, categorized with correct version, edition, suite, EOL, release date and category, which will provide full control before you get an audit.
The purchased reality when it comes to software is almost more complex than the installed reality. How well have you organized your contracts and licenses? When is the next renewal, true-up or maintenance scheduled? When do you start the process of renewing a Microsoft contract? How do you prepare for an Oracle Renewal? Are your contracts decentralized and are licenses bought by several different Business Units and managers? Did you purchase Enterprise, Pro or Standard licenses? How many did you buy? What license metric did you purchase: installation, processor, cores, concurrent users or total users? Do you have any unused licenses in a license pool? Are you re-harvesting? Xensam provides a simple overview where you can see, search and manage all of your licenses. Get notifications if you are under-licensed, over-licensed or need to renew licenses in time.
When you have both the installed reality and the purchased reality, you can calculate compliance. Here is also where you can see any deviation, such as you purchased Standard edition but installed Pro edition, or where you purchased 10, but installed 15, or where you purchased 500, but only installed 244, where 128 were used, and only 55 were actively used. You purchased 12 cores but ran the software on 36 cores.
Simplify complexity: The software vendors don’t want you to be compliant! That’s why they make compliance complex. Some of the biggest software vendors have revenue streams of up to 30-40% coming from compliance/audits. They have complex license metrics, virtualization rights, SA/Maintenance rights, and features/functions rights. Then, to simplify compliance, you need to combine the installed reality and the purchased reality, which will allow you to manage your compliance.
In general, a software vendor’s goal is for you to overspend, to overcommit. All companies are over-licensed, which can be in the form of shelf-ware, or maybe where 500 were installed but only 100 licenses were being used. Actively purchasing SA/Maintenance but using significantly older editions or paying for Enterprise/Pro functionality but only using Standard functions. Paying for a suite and using less than 40% of the components is inefficient, and you could probably downgrade to a lower suite.
To manage SAM, you need to know what to manage. If you have a great process or knowledge but you are not implementing it because you aren’t aware you have that vendor/application in your environment, that knowledge or process is useless.
In conclusion: Without software normalization you will miss the following:
This will result in a poor compliance process, optimization or preparation for an audit. Shadow IT is the phenomena where applications such as Web Application subscriptions are started without any involvement from IT, Procurement or Management. The only thing you need is a credit card, which can be a company card or the employee’s private credit card, which is then claimed back via expense reports. At the same time, the companies Software Asset Manager might think he has great control, because he can’t be worried about what he can’t see…
A quote from Swedish Carl Von Linne:
“If you don’t know their names, knowledge about things is useless.”
If we translate this quote for SAM:
“If you don’t have normalization (normalization) of the application your knowledge of compliance, license metrics or process is useless.”