SAM (Software asset management) general question

Posted on 2013-05-30
Medium Priority
Last Modified: 2013-05-31
I am performing research for a potential SAM use.  I understand that there are many different types of software license types (i.e., enterprise, volume licenses, by CPU, by person, etc.).
I also understand that in using a SAM, the primary source of license "verification" would come from purchasing records (POs, payment receipts, etc.) that would need to be integrated into the SAM system.
Lastly, I understand that the most likely way to do a license compliance check is to basically match up the purchasing data collected and normalized against the discovery data that was collected and normalized.  Hopefully, everything matches up close and that's great.

I have a couple of scenarios below that an experienced SAM (admin/manager) should be able to answer, either from direct experience or accepted practices.  I'm posting this with a high award because the accepted answer must be thorough, well expressed and should show true evidence of experience in this area. You're going to have to take some time to write up some detail so there is minimal ambiguity or misunderstanding.  If you are going to just point me to a SAM website resource, then please don't bother.

1) The original purchase data shows ABC software, version 2.1 and is correctly matched against discovery data but the software was later updated by the user to version 2.5 so what used to match now does not.  How is this reconciled and/or fixed?

2) An original software purchase for ABC software, version 3.1 is in the SAM system and matches up in a compliance check against discovery data.  The software is later replaced by a competitive purchase of DEF software version 4.5 at a significantly lower than retail cost. Do any SAM systems allow for a way to indicate a competitive purchase replacing an existing software asset?  Otherwise, you end up with 2 purchasing records for both sw assets, 2 discovery sw assets, yet only one should be installed and licensed.
LVL 20

Accepted Solution

edster9999 earned 1000 total points
ID: 39209274
Hmmm - that's a question and a half :)

This is not the answer you are looking for - let's hope someone can give you something better.

To start with what you are asking is very close to impossible.
It is easy enough to scan all your PCs and record what software is installed and used - and what version numbers are installed.
This data can be kept in the scanning system or exported into a database (or even something strange like a spreadsheet).
It is fairly easy to track changes from scan to scan - but working out what is allowed or not allowed is the impossible or at least very difficult bit.
When they upgrade from version 2.1 to 2.5 there is no real way of checking if this is a free upgrade or if it has to be paid for.
Every license is different.
Some software only charges you for major version upgrades (example from version 3.X to version 4.X and small upgrades like 4.0 to 4.1 are free).  Others charge for every version.  Others will give you any version for free once you have the software.

So where does this leave you?  You need human input at this point.
Someone has to check each license for each version and each program, and update the database with flags so you know what is allowed and not allowed.
You then do a new scan and highlight any changes that are not marked as acceptable.
These will have to be investigated or paid for.

Your other point about 2 bits of software - again this has to be checked per license.
Some software will let you put it into a pool if you uninstall it and use it again later.
Some software is 'use it and lose it'.  Once you have had it on the machine and used it, you can only use it on that machine or by that user - so upgrading would waste the license.
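The flag-and-rescan process described in this answer, as an added Python example that is not part of the original thread. The `Entitlement` record, the three policy flag names, and the sample hosts are hypothetical; versions are assumed to be dotted numbers, and installs older than the purchased version are sent to review because downgrade rights are not modelled.

```python
from dataclasses import dataclass

# Flags a person sets after reading each license (the three cases in the answer).
MAJOR_PAID = "major_paid"  # minor upgrades free, a new major version is a new purchase
EVERY_PAID = "every_paid"  # every version change is a new purchase
ALL_FREE = "all_free"      # any later version is covered

@dataclass(frozen=True)
class Entitlement:          # hypothetical normalized purchase record
    product: str
    version: str            # version named on the purchase order
    seats: int
    policy: str

def parse(version):
    return tuple(int(part) for part in version.split("."))

def covers(ent, installed):
    bought, found = parse(ent.version), parse(installed)
    if found == bought:
        return True
    if found < bought:      # downgrade rights are not modelled: send to review
        return False
    if ent.policy == ALL_FREE:
        return True
    return ent.policy == MAJOR_PAID and found[0] == bought[0]

def reconcile(entitlements, discovery):
    """Return installs a person must investigate: (host, product, version, reason)."""
    remaining = {e: e.seats for e in entitlements}
    review = []
    for host, product, version in sorted(discovery):
        owned = [e for e in entitlements if e.product == product]
        usable = [e for e in owned if covers(e, version)]
        free = next((e for e in usable if remaining[e] > 0), None)
        if free:
            remaining[free] -= 1            # consume one licensed seat
        elif usable:
            review.append((host, product, version, "no seats left"))
        elif owned:
            review.append((host, product, version, "upgrade not covered"))
        else:
            review.append((host, product, version, "no purchase record"))
    return review

# Constructed sample data using the question's product names.
PURCHASES = [Entitlement("ABC", "2.1", 2, MAJOR_PAID)]
SCAN = [("pc01", "ABC", "2.5"), ("pc02", "ABC", "3.0"), ("pc03", "ABC", "2.1"),
        ("pc04", "ABC", "2.1"), ("pc05", "DEF", "4.5")]

if __name__ == "__main__":
    for finding in reconcile(PURCHASES, SCAN):
        print(finding)
```

Only the installs that no flagged entitlement explains come back for investigation; the 2.1 to 2.5 upgrade from scenario 1 passes silently once the license has been marked as charging for major versions only.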
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1000 total points
ID: 39209775
I don't know anyone that uses or keeps good records, and I've been charged with auditing licenses and compliance for years. I am going to assume the OS, or the majority of the OS you're looking to reconcile, is Windows. You should also understand that "installed" and "present" might be interchangeable, and can throw your audit/reconciliation way off depending on the solutions or methods chosen. For example, users with no admin rights can't "install" Firefox in the traditional location (c:\program files), but they can "install" it on their desktop. When you go to "add/remove programs" in the control panel, FF isn't going to show up in that list. This holds true for other software as well, licensed software like WinRAR or WinZip for example. Most times a registry entry is needed to enter a license key for software, not always, but often, and not being able to write to certain parts of the registry (being non-admins) means the software isn't actually using the license, even if the user is being prompted to enter it. It's not licensed until it's permanent; some write to the same dir as the program, some to a config file, but most programs try to write to some part of the registry. So is that really licensed or unlicensed software? Hard to say in that case. I've been told it's unlicensed since it's self-resetting, but again, kooky.

1.) Version purchased vs Current version
This is hand reconciliation as pointed out before: your license for Adobe was for ver 10.0.0 and with the updates that come standard you're on 11.2.3. You have to read the license to see if that is a natural progression; typically it is.
2.) Legacy software and Replacement software
Replacing Microsoft Office with OpenOffice: as long as the license for M$ Office is valid, the two can live side by side with no conflict or needed resolution. As far as SAM software, I've never seen any good ones; you can do just as well with a spreadsheet as anything. Software is a balance sheet: you only need the current balance to be up to date, the legacy stuff is for records only.

Author Closing Comment

ID: 39210735
Good points and pretty much all of what I assumed but I was hoping that someone out there might have known something different, like a robust SAM system that accounted for the two scenarios.  Both answers were good but I split points based on what I believed was fair.


Question has a verified solution.
