Do you need SAM tools?
Below we discuss whether you need one or either of the two categories of tool that you are likely to come across in the SAM arena:
  1. Inventory tools
  2. Licence management tools

1) Inventory tools

Ultimately it is not unreasonable to ask whether an inventory tool is required at all.  If your software estate is highly standardised and/or has been deployed well so that you are aware of all software out there, and all controls are in place in terms of managing the estate, then why do you need one?

Unfortunately most estates do not have a perfectly clean history or controls, but below we describe one client's lack of need for an inventory tool to do their licence compliance work.

For many though a tool should be seen as an integral part of a SAM solution.

There is more than one reason why your organisation is likely to use a tool capable of producing a network inventory.

Many of you will already have purchased tools to do one or more of the following:
  • Hardware asset tracking and management
  • Software deployment
  • Security monitoring
  • Network management
  • etc

Due to the breadth of subjects covered by such tools, there are hundreds that claim to be able to product an inventory.  The next step is then to claim that the tool can help you do SAM.

Clearly SAM is more than licence management, but LM is an integral part of SAM and if a tool is not good at identifying software in the context of licensing, then it should be avoided at all costs.  If you haven't read The truth about audit tools then do so now to see what we are talking about.

Top tip - The basic rule here is that if the tool was designed for anything other than SAM, then it will be harder to configure it from a licensing perspective.

That isn't to say it won't get there, but generally it will take more time.  The decision to make is whether that extra time would be more expensive than the cost of an additional tool

2) Licence management tools

At SAMsource we are big fans of spreadsheets - Tracking spreadsheet - to manage a licence position.

The ability to see and manipulate the information as required is incredibly useful and never the case with a tool, where you have to jump from one screen to another depending on the task.

The advantage of tools, however, is that they require you to follow a process.  Of course there are mistakes that can happen within the process, but it is always good that the tool will be consistent in terms of steps followed.

Top tip - Inventory tools usually have a licence management function or facility, so why not do the job in the one tool? 

Basically, the functionality of these 'add-ons' is never up to scratch when it comes to the required diversity of licensing information that you might want to manage.

Of course the ideal is that everything should be done in the one tool so that some level of automation can take place.

When we see a tool set where this is reliably the case, we will let you know.  Up until now all we have seen are tools that promise the earth and deliver nothing like the level of automation that should be available.  For more on this point see Tool automation myth.

A perfect world?

Below is a description of a SAM environment where an inventory tool was NOT required to manage any of the software assets and yet the benefits of SAM are still being gained.  The point is to show you that inventory tools are not the whole answer, at most they should be used to check what is happening out on your network, they should never be used to define the solution.

The description below is actually a real world example where we had to establish the licence position as rapidly as possible and where the existing tool's information was regarded as being so inaccurate, we had to establish the software numbers through other manual methods.

Working with the client, we satisfied the requirement of establishing the licence position within 10 days of the initial meeting, whereas a similar exercise with an audit tool will typically take many weeks if not months as you wait for the deployment issues to be resolved and then analyse the information that is returned.

As regards this particular software environment, the install base was standardised and all machines were locked down so that users could not install or de-install software (all part of Fundamentals).

There were three standard builds (PC Power, PC normal and Laptop) that has been designed around the needs of the users which meant there was no unused software out there so no wasted licensing or risk of being unlicensed (Licence optimisation already built in).

Over the years as machines and users were retired or replaced, all users accounts, software and data were removed and disposed of in the proper manner.  So when it came to defining the number of machines on the network, the client was satisfied that there were no erroneous records that shouldn't be there as it was a live system.

As we have mentioned there was an audit tool in place that had been there for some years.  Unfortunately it hadn't been maintained so the information in it was totally inaccurate.  As it happened there was no need for the tool to help us, because of the controls that had been in place and the way the estate had been managed.

The number of live machines on the network was established by looking at reports from the anti virus system that listed machines that had logged into the system in the previous 48 hours, identifying them by machine name.  An extremely useful part of the machine name was an identifier that corresponded to the type of build, i.e. PC Power, PC normal and Laptop).

It therefore only took 2 to 3 hours to count up the total for each of the three software builds, despite there being in excess of 3000 machines.

From there it was an easy step to calculate licence requirement for the entire software estate.  We had the list of applications for each build and the total number of each build, so job done.

All we then had to do was manually check a sample of machines to be sure that the controls around build and deployment had done their job properly.  We covered 5% of the machines (150) in a day.

Using the relevant publisher licence records along with internal procurement records as a check, it took an equally short length of time to establish the valid licence entitlement of the organisation.

Reconciliation of licence requirement and licence entitlement then took place to define the licence position.

Conclusions

The point here is that their estate had been controlled and managed because it made good technical and business sense.  Such an approach meant that the estate was stable, secure and relatively easy to support, all of which led to efficiencies in all areas of IT.

Even though they had not reconciled their licence position for some time, the controls in place meant that compliance risks from having too much software deployed had been completely minimised.

In this particular case there was no need to spend money on purchasing tools or consultancy to improve the SAM process, the return would have been too insignificant to be worthwhile.

Of course not all organisations can achieve such a degree of control, or can they?

We have worked with many organisations that have talked themselves into trying to manage a chaotic situation.  Users are users of your assets.  Software licensing is purchased by the organisation.  Your organisation runs all the risks of being audited and potentially found to be non-compliant.

When there are so many benefits in terms of mitigating risk, saving money on software purchasing, reducing costs on IT management, is it really viable to not consider implementing proper controls - Control SAM costs...