Ensuring that the software deployed in a company is
properly licensed is not optional. It is a legal requirement and
simply being unaware of unlicensed software does not get the IT
director off the hook, analyst firm Ovum has warned in its latest
report on software auditing.
In the report Ovum analyst Alys Woodward recommended that users
have some kind of process in place to ensure that a detailed audit
of the software installed within the organisation is conducted at
least twice a year.
"We regard this level of compliance as a minimum requirement for
competence as a CIO or IT manager," she said. Auditing to find out
exactly what software is being run is also a good way for an IT
department to cut unnecessary costs.
Aidan Lawes, chief executive at the IT Service Management Forum,
said, "There are lots of instances where companies find they have
been paying licences for software they have not been using for
years."
One such case was highlighted when the BBC implemented Sassafras
Software's Keyserver. The broadcaster is always under pressure to
control costs so it can limit increases in TV licence fees for its
viewers and offer best value from the revenues collected.
No operations area in the BBC escapes the pressure to reduce
costs and the IT department is always looking for ways to
contribute to this.
The corporation has more than 27,000 computers to manage
throughout the UK, and auditing usage and managing software licence
compliance is a challenge.
When the BBC decided to deploy Keyserver to track software
licence compliance, an initial sweep of the network showed that
large numbers of installed software products were not being
used.
One package was found to be installed and licensed on more than
3,000 computers but was only in use on 300 of them.
This offered an initial saving to the company but Keyserver also
revealed a host of unauthorised software running on the systems.
This consisted primarily of peer-to-peer applications downloaded
from the internet, which posed a security threat as well as
potentially degrading the service for official network traffic.
Once located, the offending packages could be removed and
blocked. The sweep could also reveal unauthorised packages that
were beneficial to the company, which could then be properly
assessed, licensed and controlled.
The BBC now conducts weekly audits of every PC and integrates
these reports with Altiris client management data to produce
consolidated deployment and usage reports to ensure that software
usage remains legal and acceptable.
Keyserver has also been linked to an in-house software
purchasing system for more accurate purchasing control. This also
gives the purchasing staff a better basis to work from when
negotiating with software suppliers.
The company has integrated Keyserver with Microsoft Active
Directory for end-point authentication and the net effect is the
ability to centralise control. Previously, there were dozens of
people scattered across different departments responsible for
software management; this has been reduced to two full-time
positions within the IT department.
Ray Wang, principal analyst at Forrester Research, said, "It is
difficult dealing with multiple suppliers and the number of
licences and contracts that are out there. It takes about 23% of an
IT department's time to manage the supplier relationships - and
that is productivity wasted."
The decommissioning of computers, the repurposing of equipment,
or situations where a system is taken out of service for a
prolonged period can all lead to licences lying dormant.
Management software can flag that something has gone offline but
cannot work out why, and it may even forget it existed when the
next auditing sweep is made. Sun Microsystems is looking at an
interesting use of RFID chips in this regard.
The Sun RFID Industry Solution is a hardware and software
combination based on Java to provide real-time visibility and an
audit trail of asset movements and maintenance records.
It is designed to track assets that are not attached to a
network and goes beyond IT hardware to include any asset, such as
medical equipment.
Under such a system, every computer or peripheral would have a
unique RFID tag by which it can not only be identified but also be
discovered if it is not where it should be.
The system would be most effective if numerous RFID receivers
were placed around a company's buildings, but it is possible to
search using a handheld device.
The current maximum range of an RFID signal is 10 metres for a
handheld detector combined with the latest UHF tags, so the method
would not be simple but it would be a vast improvement on manually
searching every nook and cranny.
Unused hardware would be located and the inventory could be
checked to determine whether there was any licensed software on
board using up a licence key that could be applied elsewhere.
The need for a software inventory has led to the situation where
licence management is a component part of high-end suites such as
HP Openview, IBM Tivoli and CA Unicenter. These are mainly sold to
companies that would tend to apply for site licences to ensure
compliance with licensing rules for key applications rather than
worrying about juggling individual licences.
For instance, HP offers licence management as part of its
Openview enterprise systems management offering. Ian Curtis, HP's
software director for UK and Ireland, said this had been enhanced
by the addition of technologies that came with the acquisition of
IT asset management firm Peregrine Systems.
The central piece is an asset management module that not only
details hardware assets but also the software inventory of each
computer on the network, bringing Openview into line with other
suppliers' products.
Wang said larger companies were trying to move their suppliers
away from individual licensing. "If given the opportunity,
enterprises plan to move away from the named-user model.
"We expect this dissatisfaction to continue through 2008, when
new licensing models around business processes and virtualisation
technologies will be introduced by suppliers as standard and
accepted by large enterprises."
All-embracing licences only work with widespread applications
such as office productivity suites, core databases and ERP/CRM
systems. At some point all companies have to handle more limited
licensing.
Options become reduced as company size decreases. The cost
benefits of site and enterprise licensing are eclipsed and
alternatives such as concurrent licensing and named-user licensing
are inevitable.
At this level there are options in the less expensive management
suites for licence management along with inventory and deployment.
Companies involved in these areas include BigFix, Vector Networks'
PC Duo Enterprise, Managesoft and LANDesk.
Alternatively there are products that specialise in licence
management. Suppliers in this field include Sassafras Software,
Scalable Software, and Palamida.
Typical features of these packages are the ability to control
licences for internally developed software as well as externally
sourced applications.
Amy Konary, programme director for software pricing, licensing
and delivery at analyst firm IDC, described asset management as
having three processes. The initial phase is the discovery of
hardware and software within the environment.
Licence management is the important task of monitoring and
controlling the number of seats available for each package. Finally
there is software metering to determine who is using specific
software, rather than merely owning it.
Konary said, "Compliance is one benefit, but a more enticing
benefit is the ability to better control, manage and predict
software usage to help plan for future purchases more effectively
and avoid overbuying.
"Although software suppliers typically make it easy for customers
to buy more software, they do not typically make it easy for
customers that bought too much in the first place and want to
downsize."
IDC predicts worldwide revenue associated with software product
lifecycle management will grow at 24.3% from 2004 to 2009 to reach
£550m by 2009. According to Konary, the US will account for half of
this total revenue. One of the reasons for this is the country's
more stringent laws controlling company governance.
In the near term, there is the problem of web services and how
licences could be adapted for the fragmented applets that will form
the applications of the future. Wang said, "You could potentially
price by process, or price by a module of services relating to a
process, or you could take it to another level of abstraction where
you can use a collection of services if you are in this role. This
is where role-based pricing comes in."
The web basis of the services means that it would be possible to
charge on a per use basis or on a contract basis. Suppliers will
want customers to use as many of their web services as possible and
that is where Wang sees role-based pricing coming in.
Microsoft is defining different combinations of its Visual
Studio Team System and corresponding subscription offerings for
three roles: architects, testers, and developers. It is also
showing signs of preparing the ground for roles in its Office suite
by defining numerous package combinations for the 2007 Office
System.
Although no supplier has yet developed role-based licensing,
Wang believes Microsoft is closest to it. "It has rolled out
user-based pricing based on significant building of software based
on roles and as it does that it has the capability to price by
roles. This will definitely give Microsoft the advantage of
eventually building web services around these roles - if it chooses
to do it."
Which software is hardest to track?
Auditing software has difficulty identifying programs that:
- Do not update the operating system management controls
completely or correctly
- Do not appear in its list of recognised applications
- Do not leave evidence on a hard disc or in memory
- Reside on an unsupported platform
- Reside on machines that are not active; for instance, never
turned on, or never connected to the network.
Source: Ovum