Released July 2012, Updated April 2013 | by Dr. Yvan Philippe Luxembourg
ContentExecutive Summary
|
Executive Summary
This report is aimed at those in Management (with little experience in licensing) faced with the challenges of Software Asset Management. It may also help software asset managers and licensing experts convey information to their management.
These six decisive questions tackle the main challenges companies are faced with regarding Software Asset Management. They will help you to discover the disparities in your organization and to define your objectives for Software Asset Management (SAM).
The report is presented in two chapters:
- Chapter (I.) – Is Your Estate Worth Managing? – answers three questions related to your estate footprint and complexity. Some customers have large software estates composed of hundreds of servers or thousands of workstations. Furthermore, their estates may be riddled with complexity: they may use products licensed from major vendors such as Oracle, IBM or Microsoft; their infrastructure estate may be internationally distributed – even outsourced to a provider of hosting or IT services; they may use virtualization technology for server, desktop or application virtualization. Their annual spending on software licenses (CAPEX, OPEX) may be very high – and they may even have agreed to an enterprise agreement, such as Oracle ELA or ULA, Microsoft EA or IBM iESSO.
- Chapter (II.) – Could Your Estate Be Better Managed? – details three questions related to the management of your estate. A dedicated organization for Software Asset Management (SAM) is an adequate start when it comes to managing your license estate. A SAM tool, such as Spider, SmartTrack or Matrix42, promotes transparency and helps with generating accurate compliance balances – and supports mandatory license administration tasks. Licensing expertise for the main products and vendors you use – and the smaller vendors with high audit risk – is highly recommended. Customers should actively manage an audit (time, process, data) and the auditors – and install a Secure Data Room (for data security).
In the Appendix we disclose a detailed evaluation framework for these questions.
Should you have any questions, please contact OMTCO; contact details are listed at the end of this report. For those executives interested in sharing their thoughts on licensing, Software Asset Management or compliance audits, we highly welcome your feedback and comments.
I.) Is Your Estate Worth Managing?
These three questions deal with judging the complexity of your estate, i.e. your software, infrastructure and license estates.
Q1 – Do you have a large software estate?
Do you have a large server software estate supported by hundreds of servers?
Do you have a large client software estate supported by thousands of computers?
Do you use products licensed from Oracle/IBM/Microsoft or other critical vendors?
Q2 – Do you have a complex, heterogeneous infrastructure?
Do you have an internationally distributed, heterogeneous infrastructure?
Have you outsourced parts of your infrastructure (hosting, service providers)?
Do you use virtualization technology for server, desktop or application virtualization?
Q3 – Do you have a large, complex license estate?
Do you purchase software licenses or maintenance at high costs (EUR)?
Do you have any vendor agreements in place?
Do you acquire licenses through an international, decentralized purchasing organization?
Recommendation:
If you answered “yes” to any of the questions above, your estate is worth managing. A detailed evaluation of questions Q1, Q2 and Q3 can be conducted using the framework proposed in the appendix.
II.) Could Your Estate Be Better Managed?
These three questions deal with managing your estate, regarding Software Asset Management, licensing expertise and compliance audits.
Q4 – Do you need functional Software Asset Management (SAM)?
Do you need a dedicated SAM organization (centralized/decentralized)?
Do you need to generate accurate compliance balances using a SAM tool?
Do you still have mandatory license administration tasks waiting to be completed?
Q5 – Do you need licensing expertise?
Do you need further licensing expertise for the main products/vendors you use?
Do you need further licensing expertise for smaller vendors with high audit risk?
Do you need to make changes to your infrastructure for it to be fully compliant with all licensing requirements?
Q6 – Have you been confronted by compliance audits in the past?
Have you ever been confronted by vendor audits in the past?
Have you ever been required to pay any penalties / settlement claims (EUR)?
Do you think that you could have better managed audits (time, process, data) and auditors, or could have installed a Secure Data Room to protect your data?
Recommendation:
If you answered “yes” to any of the questions above, your estate could be better managed. A detailed evaluation of questions Q4, Q5 and Q6 can be conducted using the framework proposed in the appendix.
(Released July 2012, Updated April 2013)
Appendix – How To Use The Evaluation Framework
1.) Evaluation
The following questions (in the next section of the Appendix) should be answered with regards to your specific organizational setup.
Each answer corresponds to a value from 1 to 3 (1 = low, 2 = medium, 3 = high). After answering all the questions and gaining a value for each one, calculate the average to gain an overall evaluation.
The higher your average evaluation, the more valuable SAM is for your organization. We recommend customers to tackle each single question on the side of caution, giving an indication of the potential or latent risk, rather than understating it.
An average evaluation over 2.5?
- Software Asset Management (SAM) should be of major importance for your organization, its benefits largely outweighing its costs.
- Furthermore, you should consult a licensing specialist, as your particular situation seems to have large potential risks.
An average evaluation between 1.5 and 2.5?
- You should further analyze which selected aspects of Software Asset Management (SAM) would benefit your organization.
An average evaluation between 1.0 and 1.5?
- You should further analyze the questions to which you answered with the highest values, especially if those are related to licensing expertise or compliance audits.
- Some specific aspects of Software Asset Management (SAM) could benefit your organization.
2.) Licensing Background
- Q1 – A large software estate, spread across hundreds of servers and thousands of client computers (workstations), results in more lengthy licensing tasks. Using products licensed from Oracle/IBM/Microsoft – or other vendors with aggressive tendencies regarding audits – requires broader licensing knowledge.
- Q2 – A heterogeneous infrastructure – mixing mainframes and servers, thin and fat clients, hardware and virtualized environments – creates subsets with various infrastructure and licensing requirements. Furthermore, there is an additional organizational layer in case an outsourcer provides part, or all, of the infrastructure – rendering licensing data collection more difficult. Virtualization technology for server, desktop or application virtualization increases the number of products in use and the dynamic nature of the infrastructure – and thus increases licensing requirements.
- Q3 – High purchase volumes (EUR) for licenses and maintenance generate a large license estate, high CAPEX (depreciation on licenses) and high OPEX (maintenance) – all need to be dealt with. Vendor agreements – such as Microsoft Enterprise Agreement (EA) and Oracle Unlimited License Agreement (ULA) – impose stricter licensing rules and restrictions. An international, decentralized purchasing organization reduces the transparency of license purchases.
- Q4 – A dedicated SAM (Software Asset Management) organization, encompassing major products/vendors/subsidiaries, is key to having functional SAM. The ability to generate accurate compliance balances using a SAM tool is vital. Also, your mandatory license administration tasks should be completed, such as IBM Sub-Capacity reporting, Oracle license termination, and Microsoft license transfers in MVLSC.
- Q5 – Your licensing expertise is sufficient if it covers the main products/vendors you use, as well as any vendors with aggressive tendencies regarding audits. You should have already adapted your infrastructure to be fully compliant with all licensing requirements.
- Q6 – The compliance audits you have been confronted by in the past are a good indicator of your licensing compliance, as are the settlement claims (EUR) you may have been required to pay. Customers should reflect on whether they could have more actively managed audits (time, process, data) and auditors, or could have installed a Secure Data Room to protect their data.
Appendix – Evaluation Framework
Q1 – Do you have a large software estate?
Do you have a large server software estate with hundreds of servers?
| Evaluation | 1 | 2 | 3 |
| Licensed software – How many servers with licensed software do you have in use? | < 100 servers | ≥ 100 servers | ≥ 1,000 servers |
Do you have a large client software estate with thousands of computers?
| Evaluation | 1 | 2 | 3 |
| Computers / Workstations – How many workstations (client devices) with licensed software do you have in use? | < 1,000 workstations | ≥ 1,000 workstations | ≥ 10,000 workstations |
Do you use products licensed from Oracle/IBM/Microsoft or other critical vendors?
| Evaluation | 1 | 2 | 3 |
| Oracle – How many servers do you have in use with installations of major Oracle products, such as Databases, WebLogic/IAS, Business Intelligence? | < 50 servers | ≥ 50 servers | ≥ 100 servers |
| IBM – How many servers do you have in use with installations of major IBM products, such as Cognos, SPSS, DB2, Informix, InfoSphere, LotusDomino, Rational, Tivoli, WebSphere? | < 50 servers | ≥ 50 servers | ≥ 100 servers |
| Microsoft – How many servers do you have in use with installations of major Microsoft products, such as Windows Server, Exchange Server, SQL Server, Sharepoint Server? | < 50 servers | ≥ 50 servers | ≥ 100 servers |
| Critical Vendors – How many servers do you have in use with installations of products from vendors with complex licensing requirements, and from those who conduct stringent compliance audits? | < 10 servers | ≥ 10 servers | ≥ 50 servers |
Q2 – Do you have a complex, heterogeneous infrastructure?
Do you have an internationally distributed, heterogeneous infrastructure?
| Evaluation | 1 | 2 | 3 |
| Data centers – How distributed is your server infrastructure? | 1 data center | ≥ 2 data centers | ≥ 5 data centers |
| International distribution – How international is your server and client (= workstations) infrastructure? | < 5 subsidiaries | ≥ 10 international subsidiaries | > 100 international subsidiaries in > 10 countries |
| Heterogenous infrastructure – Do you have a heterogenous infrastructure, such as mainframes and distributed servers, Thin and Fat Clients, virtual machines and hardware servers, etc.? | No | Infrastructure is somewhat mixed | Infrastructure is mixed |
Have you outsourced parts of your infrastructure (hosting, service providers)?
| Evaluation | 1 | 2 | 3 |
| Outsourcing – What proportion of your infrastructure is outsourced to providers of hosting and IT services? | < 10% outsourced | ≥ 10% outsourced | ≥ 50% outsourced |
Do you use virtualization technology for server, desktop or application virtualization?
| Evaluation | 1 | 2 | 3 |
| Server virtualization – How many servers do you use for server virtualization (example: vmware ESXi) for failover, high availability, mirroring? | < 10 virtual machines | ≥ 10 virtual machines | ≥ 100 virtual machines |
| Desktop virtualization – Do you have desktop virtualization (example: Microsoft VDI in combination with Citrix XenDesktop) in use? | No | in test phase | in use, in production |
| Application virtualization – Do you have application virtualization (example: Microsoft RDS in combination with Citrix XENApp) in use? | No | in test phase | in use, in production |
Q3 – Do you have a large, complex license estate?
Do you purchase software licenses or maintenance at high costs (EUR)?
| Evaluation | 1 | 2 | 3 |
| License assets – Do your license assets have a high value (i.e. replacement value – value of new purchases of licenses at current price, including regular customer discounts)? | < EUR 10 mil. | ≥ EUR 10 mil. | ≥ EUR 50 mil. |
| CAPEX – How high are your capital expenses (CAPEX) per year? | < EUR 2 mil. | ≥ EUR 2 mil. | ≥ EUR 5 mil. |
| OPEX – How high are your operating expenses (OPEX) per year? | < EUR 2 mil. | ≥ EUR 2 mil. | ≥ EUR 5 mil. |
| Maintenance – Do you keep all licenses under active maintenance, or at least consistent per each infrastructure element (server, etc.), such as Oracle Support, IBM S&S, Microsoft SA? | Yes | partly, but consistent | no or non-consistent |
Do you have any vendor agreements in place?
| Evaluation | 1 | 2 | 3 |
| Oracle – Do you have Oracle agreements such as Oracle ULA (Unlimited License Agreement) or ELA (Enterprise License Agreement)? | < EUR 10 mil. | ≥ EUR 10 mil. | ≥ EUR 50 mil. |
| IBM – Do you have IBM agreements such as IPAA (Passport Advantage), iESSO (International Enterprise Software & Service Option) or CEO (Complete Enterprise Option)? | < EUR 2 mil. | ≥ EUR 2 mil. | ≥ EUR 5 mil. |
| Microsoft – Do you have Microsoft agreements such as EA (Enterprise Agreement) or Select Agreement? | < EUR 2 mil. | ≥ EUR 2 mil. | ≥ EUR 5 mil. |
| Other vendors - Do you have enterprise or discount agreements with, for example, Adobe, Attachmate, CA, Infor GS, Informatica, SAP or Symantec? | < EUR 2 mil. | ≥ EUR 2 mil. | ≥ EUR 5 mil. |
Do you acquire licenses through international, decentralized purchasing?
| Evaluation | 1 | 2 | 3 |
| Centralized/decentralized – How centralized is your IT software license purchasing? | Central | ≥ 5 decentralized units | ≥ 10 decentralized units |
| National/international – How international is your IT software license purchasing? | National | ≥ 5 countries | ≥ 10 countries or 2 continents |
| Organizational centralization – How centralized are your IT software purchasing activities? | Central, global purchasing | Central, local purchasing | Decentralized |
Q4 – Do you need functional Software Asset Management (SAM)?
Do you need a dedicated SAM organization (centralized/decentralized)?
| Evaluation | 1 | 2 | 3 |
| SAM organization – How mature is your SAM organization, if it exists? | SAM organization covers all products, vendors, subsidiaries | SAM organization covers selected products, vendors, subsidiaries | No SAM organization in place |
Do you need to generate accurate compliance balances using a SAM tool?
| Evaluation | 1 | 2 | 3 |
| SAM tool – Do you have a SAM tool in place, such as SmartTrack/Aspera, Spider LCM/brainwaregroup, SNOW LM or Matrix42/U4U? | SAM tool generates accurate compliance balances | SAM tool rolled-out but no compliance balances | No SAM tool |
Do you still have mandatory license administration tasks waiting to be completed?
| Evaluation | 1 | 2 | 3 |
| IBM – e.g. IBM Sub-Capacity reporting, Passport Advantage site transfers, download of Proofs of Entitlement (PoEs) from Passport Advantage, archiving of PoEs, license pooling? | All tasks done | Some tasks done | Hardly any tasks done |
| Oracle – e.g. license termination, ASFU assignment, license pooling? | All tasks done | Some tasks done | Hardly any tasks done |
| Microsoft – e.g. license assignment (device/user), license migrations, Microsoft license transfers in MVLSC, license pooling? | All tasks done | Some tasks done | Hardly any tasks done |
Q5 – Do you need licensing expertise?
Do you need further licensing expertise for the main products/vendors you use?
| Evaluation | 1 | 2 | 3 |
| Licensing requirements – Do you have the expertise to identify the applicable licensing requirements (Oracle OLSA/OD, IBM IPLA/LI/PLET, Microsoft PUR) and apply them to your infrastructure (servers, workstations, network access, virtualization)? | High expertise | Middle expertise | Low expertise |
| Commercial agreements – Do you have the expertise to apply your commercial agreements, such as Oracle ELA/ULA, IBM IPAA/ESSO/iESSO, Microsoft EA/Select? | High expertise | Middle expertise | Low expertise |
| Optimization – Can you optimize your infrastructure and user access to reduce license demand? | Yes | Partly | No |
Do you need further licensing expertise for smaller vendors with high audit risk?
| Evaluation | 1 | 2 | 3 |
| Licensing expertise – Do you have the licensing expertise for smaller vendors with high audit risk, including product licensing, applying to servers/clients/network access/virtualized environments? | High expertise | Middle expertise | Low expertise |
Do you need to make changes to your infrastructure for it to be fully compliant with all licensing requirements?
| Evaluation | 1 | 2 | 3 |
| Servers – Do your server environments comply with licensing requirements, including production and test environments? | Comply totally | Comply partly | Not verified |
| Desktops – Do your client (=desktop) environments comply with licensing requirements? | Comply totally | Comply partly | Not verified |
| Virtualization – Do your virtualized environments comply with licensing requirements, such as for server, desktop and application virtualization environments? | Comply totally | Comply partly | Not verified |
Q6 – Have you been confronted by compliance audits in the past?
Have you ever been confronted by vendor audits in the past?
| Evaluation | 1 | 2 | 3 |
| Audits – How many compliance audits have you been confronted by, regardless of support from an external auditor (KPMG, Deloitte)? | zero | 1 audit per year | ≥ 2 audits per year |
Have you ever been required to pay any penalties / settlement claims (EUR)?
| Evaluation | 1 | 2 | 3 |
| Penalty – Have you had to settle an audit (EUR)? | Settlement < EUR 1 mil. per year | Settlement ≥ EUR 1 mil. per year | Settlement ≥ EUR 5 mil. per year |
Do you think that you could have better managed audits (time, process, data) and auditors, or could have installed a Secure Data Room to protect your data?
| Evaluation | 1 | 2 | 3 |
| Managing – Have you actively managed the audit time plan, review process, review milestones, and verified data before providing it to auditors, etc.? | yes | some-what | no |
| Secure Data Room – Have you installed a Secure Data Room to protect your confidential data and govern the auditors; have the auditors signed an NDA (non-disclosure agreement)? | Secure Data Room | Only NDA | no |
| Compliance position – Did you know your compliance position (balance) and your potential liability (EUR) before communicating data to the vendor/auditor? | yes | Parallel to the vendor/auditor | no |
– CONFIDENTIALITY NOTICE –
OMTCO does not disclose clients’ names, client projects or data. The case study and data published in this report is generic and derived from years of compliance reviews. All analysis presented and information disclosed in this document are exclusively based on public information. Should you wish to learn more about our confidentiality practice or about this case study, please contact an OMTCO representative.
Six Questions That Managers Should Ask About Software Asset Management (SAM)
THIS REPORT IS AIMED AT THOSE IN MANAGEMENT (WITH LITTLE EXPERIENCE IN LICENSING) FACED WITH THE CHALLENGES OF SOFTWARE ASSET MANAGEMENT. THESE SIX DECISIVE QUESTIONS TACKLE THE MAIN CHALLENGES COMPANIES ARE FACED WITH REGARDING SOFTWARE ASSET MANAGEMENT. THEY WILL HELP YOU TO DISCOVER THE DISPARITIES IN YOUR ORGANIZATION AND TO DEFINE YOUR OBJECTIVES FOR SOFTWARE ASSET MANAGEMENT.
is a consultant
at OMTCO Munich Office.
Contact:
00 49 170 6003451
ypl@omtco.de
Johannes Balzeris a consultant
at OMTCO Munich Office.
Johannes Balzer
00 49 163 3368736
johannes.balzer@omtco.de
OMTCO provides its clients with the best, thought-out advisory and line services, ranging from design-stage to implementation in Operations, Management, Technology and Consulting.
OMTCO works with the highest possible level of expertise – taking into account our know-how and our pragmatic experience from market analysis, competitive projects and professional references.
OMTCO has licensing expertise at its disposal, in addition to extensive experience in compliance reviews and customer-sided counter-audits.
Should you wish for advice tailored to your specific needs, raise comments or ask questions, please contact OMTCO at info@omtco.de or call your OMTCO representative directly.
For Software Asset Management, visit:
http://omtco.eu/references/SAM/
For counter-audit experience, visit:
http://omtco.eu/references/counteraudit/
For licensing expertise, visit:
http://omtco.eu/references/licensing/
For further references, visit:
http://omtco.eu/references/
This document is current as of the initial date of publication and may be changed by OMTCO at any time. Not all offerings are available in every country in which OMTCO operates. THE INFORMATION IN THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING NO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OR CONDITION OF NON-INFRINGEMENT. This report is for information and illustration purposes only. It is not an advisory document and does not take into account your specific customer situation. Please refer to the disclaimer published at http://omtco.eu/disclaimer.