HOW TO SURVIVE A SOFTWARE AUDIT AND DEAL WITH A REQUEST

HOW TO SURVIVE A SOFTWARE AUDIT AND DEAL WITH A REQUEST David Chamberlain / General Manager SAM Services 19 July 2012

Agenda License Dashboard- Who are we? Why have I been targeted? What information does the vendor want and what are the risks of giving it? Due diligence on your estate Due diligence on your entitlement Mitigation Resolution/Rectification

License Dashboard in 60 seconds Technology used to successfully deliver 1,000 SAM projects globally Designed, built & maintained by licensing experts Used by SAM and licensing consultants in Europe, US, Canada & Australia Recognized by leading vendors Microsoft (SAM partner), Adobe, Symantec, VMware and more Technology supported by licensing expertise Full range of Professional Services, SAM Consultancy & Licensing Advice Delivery options to meet your needs: Perpetual and subscription on-premise or Managed Service

WHY HAVE I BEEN TARGETED? The vendor doesn t understand your organization Merger/Divestiture Global Organization Complex Organisation Revisiting a previous review Exiting EA Perceived irregularities with Licenses Odd purchasing patterns Maintenance no base Inconsistent quantities

BOTTOM LINE The Vendor believes your installs do not match your entitlement They will be asking you to declare your usage They may challenge, test or sample that data It is unlikely you will avoid -or even postpone for long- this request You need to be confident the information you eventually provide is accurate and not overstated Primarily you want to be assured the data you submit is not for more usage than you actually have You will want to be confident that any minimizing of liability will stand up to scrutiny You will want to retain in place some of the steps taken to respond to this request so that in future you can have confidence should you be contacted again by this or any other vendor

TAKE CONTROL Must understand your estate Must understand your software users Understand what discovery capability you currently have For areas of the estate with no coverage look at free tools or manual discovery Understand what you actually need to measure Obtain help or advice in areas of major risk ($)

UNDERSTAND YOUR ESTATE Do you have any geographical challenges? Will you need to report or exclude by Country of Use, Language, Trading Name or Business Unit? Which areas are in/out of scope How many devices do you have? Have disposals been appropriately managed? Consider Active Directory to compare against discovery Where AD is not up to date ensure it is cleaned!! AD Tidy http://www.cjwdev.co.uk/software/adtidy/info.html Consider AV tool output to compare against discovery

UNDERSTAND YOUR ESTATE Do you have any undiscoverable software usage? Additional liability beyond an install- Citrix/thin client- Server Virtualization Do you have any other device types that may require licenses? PDA, ipad, Tablets, Tough books, EPOS Are any devices test, staging, MSDN, DR, Training, WAH, strictly LOB only? Identify and exclude from calculations devices that may not necessarily consume regular licenses

UNDERSTAND YOUR SOFTWARE USERS User CALs CALs obtained for users with multiple devices For mixed CAL environments can you demonstrate your counts? Eligible Users Often you are able to exclude ancillary or non computer users from this count

WHAT DO I NEED TO MEASURE? Eligible Devices For reference purposes, Qualified Device means any personal desktop computer, portable computer, workstation or similar device that is used by or for the benefit of the Enrolled Affiliate s Enterprise. It does not include (1) any computer that is designated as a server and not used as a personal computer, (2) any Industry Device, (3) any device running an embedded operating system (e.g. Windows Phone 7) that does not access a virtual desktop infrastructure, or (4) any device that is not managed and/or controlled either directly or indirectly by Enrolled Affiliate s Enterprise. Enrolled Affiliate may include as a Qualified Device any device which would be excluded above (e.g. Industry Device) Eligible Users For reference purposes, Qualified User means a person (e.g. employee, consultant, contingent staff) who: (1) is a user of Qualified Device, or (2) accesses any server software requiring an Enterprise Product Client Access License or any Enterprise Online Service. Processors/Logical Processors/Virtual Processors/Cores Farms

UNDERSTAND WHAT DISCOVERY CAPABILITY YOU CURRENTLY HAVE Many organizations already have some form of Discovery capability Help desk systems, ITAM Solutions Check its coverage across your estate Compare with tidied AD data/av Data Disposed/retired/duplicate Challenge its output Sample devices MSI vs.exe Which devices do not run COE and why? Were the results as anticipated? Look for areas of undiscoverable usage ISA/Sharepoint Servers outside of DMZ Remote workers Citrix/Thin Client Mission Critical servers with no discovery client CALS

UNDERSTAND WHAT DISCOVERY CAPABILITY YOU CURRENTLY HAVE Consider FOC Agentless discovery MAP Toolkit http://www.microsoft.com/en-us/download/details.aspx?id=7826 Spiceworks http://www.spiceworks.com Check & sample the output!! Cleansing of Discovery Is licensable/freeware, Editions/Versions/Metric Multiple versions Suites Virtualization DRS, Affinity Rules, V-motion, license mobility GET HELP OR ADVICE NOW!!

VIRTUALIZATION Operating System Coverage 1. Optimum Scenario best value new purchase Calculators available 2. Optimum Scenario utilizing existing licenses Virtualization of Applications GET HELP OR ADVICE NOW!

VIRTUALIZATION Virtualization V-motion- is it switched on? DRS Allows v servers to move between Hosts and increases the liability of every Host vsphere Distributed Resource Scheduler continuously monitors utilization across a resource pool and intelligently allocates available resources among virtual machines according to business needs. Affinity Rules Can restrict the movement of V servers across Hosts reducing liability Logs and reports available Many Licensing Options Can License the Farm, Physical Host or V Server License mobility Multiple instances per license License Rules differ greatly by version release

WHERE ARE MY LICENSES? The Vendor will have records of your purchases through VLA Retail/shrinkwrap/off the shelf are never recorded The Vendor will have searched only on the names it knows Mergers Transfers Spelling errors from the reseller

WHERE ARE MY LICENSES? Find out who has historically supplied you your software Obtain purchase reports from these resellers Compare with Vendor data Look for chronological gaps in the data Test and challenge aggregate calculation figures Licenses with no base Technology guarantees Grandfathering rights Side agreements to EAs

WHERE ARE MY LICENSES? From where do you purchase your hardware? Counterfeiting Base licenses Can you obtain records OEM licensing Base license eligibility for SELECT/ EA upgrade license Server & CAL OEM

SUMMARY Co-operate- most reviews are unavoidable Qualify your active actual estate- do not pay for retired or disposed of machines!! Determine the parts of your estate that do not consume licenses- DR, Dev, Training Test your Discovery output- Look for multiple versions per device Understand your potential liability for virtual estate Understand what your current licenses will enable you to do on that estate Mitigation - If you have made errors understand the reasons why/how Incorrect media Affinity rules not set Actual usage

RESOLUTION/RECTIFICATION All vendors will seek to have shortfalls rectified in accordance with their EULA They are duty bound to protect their IP They will be reluctant to set precedent Consider who from within the vendor is conducting the review Compliance team Tele sales type compliance Audit Partner Consider your anticipated future requirements Do you have plans to upgrade or roll out to newer technologies? Will this rectification achieve this? Are you planning significant spend on other technologies with this vendor? Many will seek a speedy settlement

Coming next Life after an audit request Making sure the pain does not continue July 26 th 2012 15:00 UK, 16:00 CET, 10:00 EST Read the white paper View a weekly live solution demonstration

Thank You www.licensedashboard.com