Don’t Play Russian Roulette with Indirect Access Licensing
What is indirect access? And what does it mean for licensing agreements?
As if the licensing agreements of the likes of Oracle, SAP and Microsoft were not complicated enough already, many user organizations fall foul of something called indirect access and end up owing significant amounts as a result of licensing non-compliance.
What is Indirect Access?
Indirect access, or indirect usage, or sometimes called multiplexing, is where your software (be it Oracle, SAP, Microsoft, or whatever) is accessed indirectly by a non-named third party, which can either be a person or machine. For example, an organisation has created a system that allows all their employees to enter their expenses. That system then sends all that employee expense information to a second system using a single named user account.
All users of the expense system are indirect users of the second system and should be considered when licensing the second system by a user based metric. As SAP and Oracle utilize ‘Named User’ type licenses, you will be non-compliant if each and every one of these users is not fully licensed.
Indirect Access is on the Rise
Even if all users access is consolidated through one device (multiplexing), say a Web server, or a single user account to access the software, these users will all still require a license. As the definition of indirect usage differs for each software manufacturer and in many cases is vague, the need to be able to identify and manage any instances of indirect access to help prevent potential problems at the time of a true-up or audit, is vital to prevent unexpected costs.
With mobile web usage overtaking desktop in 2016, this type of indirect access is likely to increase. Similarly, with many applications moving to the cloud and requiring data for Oracle databases or SAP ERP systems to carry out their job, organizations will need to address indirect access to prevent costly and unexpected true-ups.
Spotting the Signs of Indirect Access
Key to getting to grips with indirect access is the ability to correctly classify users of your software as direct or indirect and so make sure they are given the correct license type. Identifying indirect access can be tricky without the help of an automated monitoring tool.
However, there are tell-tale signs that make indirect access easier to spot and therefore rectify. These include:
- A user accesses a system all day long (no human user would do that).
- A very large volume of work processed within a set period by one user (again, no human could conceivably process such a volume within that time).
One way to avoid indirect access problems in the Oracle world, for example, is to license via processor, rather than Named User. Sadly, there is no such corresponding license in the SAP world, where you are limited to Named User.
So how else can you take steps to identify and avoid indirect access?
Detailed Software Usage Measurement
The AssetStudio SAM suite products provide the detailed insight you require to enable you to avoid the problems of indirect access. With detailed usage measurement you will be able to identify immediately where indirect access or multiplexing is taking place and so be in a position to either take action to prevent it, or ensure you are correctly licensed.
To ensure compliance, it is essential to implement a tool which can prevent indirect access.