Software audits: What can go wrong – 2?

13 Feb 2017 | Datacentre, SAM/SLO

If you missed articles 1, 3 or 4 you can find them below.

Virtualization & monitoring usage

In the second of our blog articles on what can cause problems when you are audited by a software vendor, we look at virtualization and monitoring software usage.

Virtualization

Virtualization is a mature technology that can help you save money, time and carbon emissions. Consequently, just about every major organization has adopted it in one form or another, somewhere on their IT estate.

But, there is a major issue with virtualization that many organizations overlook – the impact it has on your software licensing. Unless you are fully aware of these implications and are able to manage your license position, you could end up paying more for additional software licenses (and fines if the shortfall is discovered during a vendor audit) than you saved through virtualizing in the first place.

Most software vendors’ licensing rules differ between physical and virtual environments. But, a common theme is that small changes to the virtual environment can have a large impact on licensing requirements. Typical examples include:

  • Hardware – e.g. additional servers or CPUs in a cluster
  • Server Mobility within server farms – e.g. DRS / v-Motion enabled

Converting a physical device to a virtual device changes the licensing requirements and you need to check your license agreement to discover what the full implications are. You also need to consider maintenance. Some vendors, such as Microsoft, now require active maintenance on server applications deployed within server farms (Microsoft Exchange server etc.).

Monitoring usage

Dependent on the terms of your license grant, the need to measure the usage of your software could be important in ascertaining whether you are compliant and also what you have to pay. Certain software vendors, like SAP and Oracle, charge for software based on metrics that can be unique to your business. For example, if you are a car manufacturer, the metric could be based on the number of cars you have built.

Obviously you will need some verifiable and easy way to measure this metric. Firstly, so that you are aware of what you will need to pay and, secondly, to ensure that you do not exceed any pre-set limits or conditions within the license agreement.

Indirect access

As if the licensing agreements of the likes of Oracle, SAP and Microsoft were not complicated enough already, many user organizations fall foul of something called indirect usage and end up owing significant amounts as a result of licensing non-compliance.

Indirect usage, indirect access, or multiplexing as it is sometimes called, is where your software (be it Oracle, SAP, Microsoft etc.) is accessed indirectly by a non-named third party, which can either be a person or machine. For example, an organisation has created a system that allows all their employees to enter their expenses. That system then sends all that employee expense information to a second system using a single named user account.

All users of the expense system are indirect users of the second system and should be considered when licensing the second system by a user based metric. As SAP and Oracle utilize ‘Named User’ type licenses, you will be non-compliant if each and every one of these users is not fully licensed.

Key to getting to grips with indirect access is the ability to correctly classify users of your software as direct or indirect and so make sure they are given the correct license type. Identifying indirect access can be tricky without the help of an automated monitoring tool.

However, there are tell-tale signs that make indirect access easier to spot. These include things like a user accessing a system all day long (no human user would do that) or a very large volume of work processed within a set period by one user (again, no human could conceivably process such a volume within that time).

One way to avoid indirect access problems in the Oracle world, for example, is to license via processor, rather than Named User. Sadly, there is no such corresponding license in the SAP world, where you are limited to Named User.

The AssetStudio SAM products can help you make sure you do not have problems with virtualization, usage monitoring and indirect access. To find out how we can help you please contact us 

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *