Solved

SAM (Software asset management) general question

Posted on 2013-05-30
3
461 Views
Last Modified: 2013-05-31
I am performing research for a potential SAM use.  I understand that there are many different types of software license types (ie: enterprise, volume licenses, by cpu, by person, etc.).
I also understand that in using a SAM, the primary source of license "verification" would come from purchasing records (PO's, payment receipts, etc.) that would need to be integrated into the SAM system.
Lastly, I understand that, the most likely way to do a license compliance check is to basically match up the purchasing data collected and normalized against the discovery data that was collected and normalized.  Hopefully, everthing matches up close and that's great.

I have a couple of scenarios below that an experienced SAM (admin/manager) should be able to answer, either from direct experience or accepted practices.  I'm posting this with a high award because the accepted answer must be thorough, well expressed and should show true evidence of experience this this area. You're going to have to take some time to write up some detail so there is minimal ambiguity or mis-understanding.  If you are going to just point me to a SAM website resource, then please don't bother.

1) The original purchase data shows ABC software, version 2.1 and is correctly matched against discovery data but the software was later updated by the user to version 2.5 so what used to match now does not.  How is this reconciled and/or fixed?

2) An original software purchase for ABC software, version 3.1 is in the SAM system and matches up in a compliance check against discovery data.  The software is later replaced by a competitive purchase of DEF software version 4.5 at a significant lower than retail cost. Do any SAM systems allow for a way to indicate a competitive purchases replacing an existing software asset?  Otherwise, you end up with 2 purchasing records for both sw assets, 2 discovery sw assets, yet only one should be installed and licensed.
0
Comment
Question by:BRIDGEDIVISION
3 Comments
 
LVL 20

Accepted Solution

by:
edster9999 earned 250 total points
Comment Utility
Hmmm - thats a question and a half :)

This is not the answer you are looking for - lets hope someone can give you something better.

To start with what you are asking is very close to impossible.
It is easy enough to scan all your pcs and record what software is installed and used - and what version numbers are installed.
This data can be kept in the scanning system or exported into a database (or even something strange like a spreadsheet).
It is fairly easy to track changes from scan to scan - but working out what is allowed or not allowed is the impossible or at least very difficult bit.
When they upgrade from version 2.1 to 2.5 there is no real way of checking if this is a free  upgrade or if it has to be paid for.
Every license is different.
Some software only charges you for major version upgrades (example from version 3.X to version 4.X and small upgrades like 4.0 to 4.1 are free).  Others charge for every version.  Others will give you any version for free once you have the software.

So where does this leave you ?  You need human input at this point.
Someone has to check each license for each version and each program, and update the database with flags so you know what is allowed and not allowed.
You then do a new scan and highlight any changes that are not marked as acceptable.
These will have to be investigated or paid for.

Your other point about 2 bits of software - again this has to be checked per license.
Some software will let you put it into a pool if you uninstall it and use it again later.
Some software is 'use it and loose it'.  Once you have had it on the machine and used it, you can only use it on that machine or by that user - so upgrading would waste the license.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 250 total points
Comment Utility
I don't know anyone that uses or keeps good records, and I've been charged with auditing licenses and compliance for years. I am going to assume the OS, or the majority of the OS your looking to reconcile is Windows. You should also understand that "installed" and "present" might be interchangeable, and can throw your audit/reconciliation way off depending on the solutions or methods chosen. For example, users with no admin rights, they can't "install" firefox in the traditional location (c:\program files), but they can "install" it on their desktop. When you go to "add/remove programs" in the control panel FF isn't going to show up in that list. This holds true for other software as well, licensed software like winrar or winzip for example. Most times a registry entry is needed to enter a license key for software, not always, but often, and not being able to write to certain parts of the registry (being non-admins) means the software isn't actually using the license, even if the user is being prompted to enter it. It's not licensed until it's permanent, some write to the same dir as the program, some config file, but most programs try to write to some part of the registry. So is that really licensed or unlicensed software? hard to say in that case, I've been told it's unlicensed since it's self resetting, but again kooky.

1.) Version purchased vs Current version
This is hand reconciliation as pointed out before, your license for Adobe was for ver 10.0.0 and with the updates that come standard your on 11.2.3. You have to read the license to see if that is a natural progression, typically it is.
2.) Legacy software and Replacement software
Replacing Microsoft Office with OpenOffice, as long as the license for M$ office is valid, the two can live side by side with no conflict or needed resolution. As far as SAM software, I've never seen any good ones, you can do just as well with a spreadsheet as anything. Software is a balance sheet, you only need to current balance to be up to date, the legacy stuff is for records only.
-rich
0
 

Author Closing Comment

by:BRIDGEDIVISION
Comment Utility
Good points and pretty much all of what I assumed but I was hoping that someone out there might have known something different, like a robust SAM system that accounted for the two scenarios.  Both answers were good but I split points based on what I believed was fair.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
This video demonstrates basic masking and how to edit the mask to reveal the desired image.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now