Don’t play Russian roulette with indirect access licensing

21 Oct 2016 | SAM/SLO

As if the licensing agreements of the likes of Oracle, SAP and Microsoft were not complicated enough already, many user organizations fall foul of something called indirect access and end up owing significant amounts as a result of licensing non-compliance.

Indirect access, or indirect usage, or sometimes called multiplexing, is where your software (be it Oracle, SAP, Microsoft, or whatever) is accessed indirectly by a non-named third party, which can either be a person or machine. For example, an organisation has created a system that allows all their employees to enter their expenses. That system then sends all that employee expense information to a second system using a single named user account.

All users of the expense system are indirect users of the second system and should be considered when licensing the second system by a user based metric. As SAP and Oracle utilize ‘Named User’ type licenses, you will be non-compliant if each and every one of these users is not fully licensed.

Indirect access likely to increase

Even if all the many users access is consolidated through one device (multiplexing), say a Web server, or a single user account to access the software, all these users will still require a license. As the definition of indirect usage differs for each software manufacturer and in many cases is vague, the need to be able to identify and manage any instances of indirect access to help prevent potential problems at the time of a true-up/audit is vital to prevent unexpected costs.

With the increase in the use of mobile devices this type of indirect access is likely to increase. Similarly, with many applications moving to the cloud and requiring data for Oracle databases or SAP ERP systems to carry out their job, organizations will need to address indirect access to prevent costly and unexpected true-ups.

Spotting the signs of indirect access

Key to getting to grips with indirect access is the ability to correctly classify users of your software as direct or indirect and so make sure they are given the correct license type. Identifying indirect access can be tricky without the help of an automated monitoring tool.

However, there are tell-tale signs that make indirect access easier to spot. These include things like a user accessing a system all day long (no human user would do that) or a very large volume of work processed within a set period by one user (again, no human could conceivably process such a volume within that time).

One way to avoid indirect access problems in the Oracle world, for example, is to license via processor, rather than Named User. Sadly, there is no such corresponding license in the SAP world, where you are limited to Named User.

Detailed software usage measurement

The AssetStudio SAM suite products provide the detailed insight you require to enable you to avoid the problems of indirect access. With detailed usage measurement you will be able to identify immediately where indirect access or multiplexing is taking place and so be in a position to either take action to prevent it, or ensure you are correctly licensed.

Find out more about the AssetStudio for Enterprise SAM