HOW TO SURVIVE A SOFTWARE AUDIT AND DEAL WITH A REQUEST
David Chamberlain / General Manager SAM Services
Agenda
License Dashboard - Who are we?
Why have I been targeted?
What information does the vendor want and what are the risks of giving it?
Due diligence on your estate
Due diligence on your entitlement
Mitigation
License Dashboard in 60 seconds
Technology used to successfully deliver 1,000 SAM projects globally
Designed, built & maintained by licensing experts
Used by SAM and licensing consultants in Europe, US, Canada & Australia
Recognized by leading vendors
Microsoft (SAM partner), Adobe, Symantec, VMware and more
Technology supported by licensing expertise
Full range of Professional Services, SAM Consultancy & Licensing Advice
Delivery options to meet your needs:
The vendor doesn’t understand your organization
Merger/Divestiture
Global Organization
Complex Organisation
Revisiting a previous review
Exiting EA
Perceived irregularities with Licenses
Odd purchasing patterns
Maintenance no base
Inconsistent quantities
The Vendor believes your installs do not match your entitlement
They will be asking you to declare your usage
They may challenge, test or sample that data
It is unlikely you will avoid, or even postpone for long, this request
You need to be confident the information you eventually provide is accurate and not overstated
Primarily you want to be assured the data you submit is not for more usage than you actually have
You will want to be confident that any minimizing of liability will stand up to scrutiny
You will want to retain in place some of the steps taken to respond to this request so that in future you can have confidence should you be contacted again by this or any other vendor
Must understand your estate
Must understand your software users
Understand what discovery capability you currently have
For areas of the estate with no coverage, look at free tools or manual discovery
Understand what you actually need to measure
Obtain help or advice in areas of major risk ($)
Do you have any geographical challenges?
Will you need to report or exclude by Country of Use, Language, Trading Name or Business Unit?
Which areas are in/out of scope?
How many devices do you have?
Have disposals been appropriately managed?
Consider Active Directory to compare against discovery
Where AD is not up to date, ensure it is cleaned!!
AD Tidy
http://www.cjwdev.co.uk/Software/ADTidy/Info.html
Consider AV tool output to compare against discovery
Do you have any undiscoverable software usage?
Additional liability beyond an install: Citrix/thin client, Server Virtualization
Do you have any other device types that may require licenses?
PDA, iPad, Tablets, Tough books, EPOS
Are any devices test, staging, MSDN, DR, Training, WAH, strictly LOB only?
Identify and exclude from calculations devices that may not necessarily consume regular licenses
User CALs
CALs obtained for users with multiple devices
For mixed CAL environments can you demonstrate your counts?
Eligible Users
Often you are able to exclude ancillary or non-computer users from this count
Eligible Devices
For reference purposes, “Qualified Device” means any personal desktop computer, portable computer, workstation or similar device that is used by or for the benefit of the Enrolled Affiliate’s Enterprise. It does not include (1) any computer that is designated as a server and not used as a personal computer, (2) any Industry Device, (3) any device running an embedded operating system (e.g. Windows Phone 7) that does not access a virtual desktop infrastructure, or (4) any device that is not managed and/or controlled either directly or indirectly by Enrolled Affiliate’s Enterprise. Enrolled Affiliate may include as a Qualified Device any device which would be excluded above (e.g. Industry Device)”
Eligible Users
For reference purposes, “Qualified User” means a person (e.g. employee, consultant, contingent staff) who: (1) is a user of Qualified Device, or (2) accesses any server software requiring an Enterprise Product Client Access License or any Enterprise Online Service.”
Processors/Logical Processors/Virtual Processors/Cores
Farms
Many organizations already have some form of Discovery capability
Help desk systems, ITAM Solutions
Check its coverage across your estate
Compare with tidied AD data/AV Data
Disposed/retired/duplicate
Challenge its output
Sample devices
MSI vs .EXE
Which devices do not run COE and why?
Were the results as anticipated?
Look for areas of undiscoverable usage
ISA/SharePoint Servers outside of DMZ
Remote workers
Citrix/Thin Client
Mission Critical servers with no discovery client
CALs
UNDERSTAND WHAT DISCOVERY CAPABILITY YOU CURRENTLY HAVE
Consider FOC Agentless discovery
MAP Toolkit
http://www.microsoft.com/en-us/download/details.aspx?id=7826
Spiceworks
http://www.spiceworks.com
Check & sample the output!!
Cleansing of Discovery
Is licensable/freeware, Editions/Versions/Metric
Multiple versions
Suites
Virtualization
DRS, Affinity Rules, V-motion, license mobility
GET HELP OR ADVICE NOW!!
Operating System Coverage
1. Optimum Scenario: best value new purchase
Calculators available
2. Optimum Scenario: utilizing existing licenses
Virtualization of Applications
GET HELP OR ADVICE NOW!
VIRTUALIZATION
Virtualization
V-motion: is it switched on?
Allows v servers to move between Hosts and increases the liability of every Host
DRS
vSphere Distributed Resource Scheduler continuously monitors utilization across a resource pool and intelligently allocates available resources among virtual machines according to business needs.
Affinity Rules
Can restrict the movement of V servers across Hosts, reducing liability
Logs and reports available
Many Licensing Options
Can License the Farm, Physical Host or V Server
License mobility
Multiple instances per license
License Rules differ greatly by version release
The Vendor will have records of your purchases through VLA
Retail/shrinkwrap/off the shelf are never recorded
The Vendor will have searched only on the names it knows
Mergers
Transfers
Spelling errors from the reseller
Find out who has historically supplied your software
Obtain purchase reports from these resellers
Compare with Vendor data
Look for chronological gaps in the data
Test and challenge aggregate calculation figures
Licenses with no base
Technology guarantees
Grandfathering rights
Side agreements to EAs
From where do you purchase your hardware?
Counterfeiting
Base licenses
Can you obtain records?
OEM licensing
Base license eligibility for SELECT/EA upgrade license
Server & CAL OEM
Co-operate: most reviews are unavoidable
Qualify your active actual estate: do not pay for retired or disposed of machines!!
Determine the parts of your estate that do not consume licenses: DR, Dev, Training
Test your Discovery output: look for multiple versions per device
Understand your potential liability for virtual estate
Understand what your current licenses will enable you to do on that estate
Mitigation - If you have made errors, understand the reasons why/how
Incorrect media
Affinity rules not set
Actual usage
All vendors will seek to have shortfalls rectified in accordance with their EULA
They are duty bound to protect their IP
They will be reluctant to set precedent
Consider who from within the vendor is conducting the review
Compliance team
Tele sales type compliance
Audit Partner
Consider your anticipated future requirements
Do you have plans to upgrade or roll out to newer technologies?
Will this rectification achieve this?
Are you planning significant spend on other technologies with this vendor?
Many will seek a speedy settlement
Coming next…
Life after an audit request
Making sure the pain does not continue
July 26th 2012 – 15:00 UK, 16:00 CET, 10:00 EST