It is pretty hard to get anywhere in life without knowing where you are first. Knowing how far ‘down the road’ you are is essential to knowing how far you still need to go and what milestones are next. Many people will preach about proactive SAM (Software Asset Management), myself included, where processes and procedures are put in place to prevent licensing breaches, overspend etc. But a good place to start is identifying what is going wrong and reviewing the related policies accordingly.
In a nutshell, you need to know what you are entitled to vs. what you have deployed/utilized. Modern day portals provide you with lots of healthy information as to what you have purchased/what you are entitled to in terms of licensing. But if you find these records segmented or incomplete, you can always reach out to your reseller/even the vendor themselves for a convenient consumption report here. Make sure you read through any agreement documents/product terms associated to your purchases to ensure you understand any applicable restrictions – particularly around virtualization!
In terms of device inventory, again, there will be many, many people with guidance around the benefits of agent based inventory (ie. deploying a client agent to all company devices). However, if you are standing on the starting block, with no budget or real time scales to do the necessary due diligence regarding such an important purchase, there are alternatives. There a few agentless FOC inventory options out there should you be looking for a quick snapshot of your estate, or even something to supplement an existing toolset. Microsoft do their own version called Application & Planning Toolkit, but will of course only cover Microsoft software. Another favourite would be Spiceworks, but be prepared for adverts!
So once you have gotten to the state where you either have an agent based discovery/inventory tool in place, or you have decided to go the FOC route and have downloaded one of the online offerings. How do you know that you have ‘zapped’ everything you need to? What are you forgetting? Active Directory (if you have it tidy enough) is a relatively good place to start in terms of coverage vetting. In fact, some of the more expensive tools will incorporate Active Directory (AD) into their workings.
Doing a quick comparison of all the AD accounts, with password resets within the last 90 days, against the hardware results from your scans is an excellent place to start. But don’t forget about things that might fall outside the remit of AD. Below are a few examples of these:
Once you have the below:
This still doesn’t mean you know exactly where you are. Part of know where you are… is knowing where you want to be. A quick fix for a licensing breach now, might very well conflict with plans for the future. A good example here would be licensing in a virtualized environment. Many product offerings differentiate their ‘options/editions’ by the level of virtualization needed. Whilst a more standard offering would certainly patch the hole in the short-term, perhaps a more enterprise-level offering might be worth exploring if your current virtual environment is set near-future changes/growth.
It is now when you will have a firm grasp of what to communicate out to the business in terms of your software asset compliance. Hopefully any disparities picked up at this stage are all easily adjustable within the current policies, procedures and processes. A good idea is to create a Software Asset Management Policy in its own right and get all employees to agree to the terms contained within. For help producing one of these, please do look out for my next post…
It’s chock full of useful advice, exclusive events and interesting articles. Don’t miss out!