"We regard this level of compliance as a minimum requirement for competence
as a CIO or IT manager," she said. Auditing to find out exactly what software is
being run is also a good way for an IT department to cut unnecessary costs.
Aidan Lawes, chief executive at the IT Service Management Forum, said, "There
are lots of instances where companies find they have been paying licences for
software they have not been using for years."
One such case was highlighted when the BBC implemented Sassafras Software's
Keyserver. The broadcaster is always under pressure to control costs so it can
limit increases in TV licence fees for its viewers and offer best value from the
revenues collected.
No operations area in the BBC escapes the pressure to reduce costs and the IT
department is always looking for ways to contribute to this.
The corporation has more than 27,000 computers to manage throughout the UK,
and auditing usage and managing software licence compliance is a challenge.
When the BBC decided to deploy Keyserver to track software licence
compliance, an initial sweep of the network showed that large numbers of
installed software products were not being used.
One package was found to be installed and licensed on more than 3,000
computers but was only in use on 300 of them.
This offered an initial saving to the company but Keyserver also revealed a
host of unauthorised software running on the systems. This consisted primarily
of peer-to-peer applications downloaded from the internet, which posed a
security threat as well as potentially degrading the service for official
network traffic.
Once located, the offending packages could be removed and blocked. There was
also the possibility of revealing unauthorised packages that could be beneficial
to the company which could be properly assessed, licensed and controlled.
The BBC now conducts weekly audits of every PC and integrates these reports
with Altiris client management data to produce consolidated deployment and usage
reports to ensure that software usage remains legal and acceptable.
Keyserver has also been linked to an in-house software purchasing system for
more accurate purchasing control. This also gives the purchasing staff a better
basis to work from when negotiating with software suppliers.
The company has integrated Keyserver with Microsoft Active Directory for
end-point authentication and the net effect is the ability to centralise
control. Previously, there were dozens of people scattered across different
departments responsible for software management; this has been reduced to two
full-time positions within the IT department.
Ray Wang, principal analyst at Forrester Research, said, "It is difficult
dealing with multiple suppliers and the number of licences and contracts that
are out there. It takes about 23% of an IT department's time to manage the
supplier relationships - and that is productivity wasted."
The decommissioning of computers, the repurposing of equipment, or situations
where a system is taken out of service for a prolonged period can all lead to
licences lying dormant.
Management software can flag that something has gone offline but cannot work
out why, and it may even forget it existed when the next auditing sweep is made.
Sun Microsystems is looking at an interesting use of RFID chips in this
regard.
The Sun RFID Industry Solution is a hardware and software combination based
on Java to provide real-time visibility and an audit trail of asset movements
and maintenance records.
It is designed to track assets that are not attached to a network and goes
beyond IT hardware to include any asset, such as medical equipment.
Under such a system, every computer or peripheral would have a unique RFID
tag by which it can not only be identified but also be discovered if it is not
where it should be.
The system would be most effective if numerous RFID receivers were placed
around a company's buildings, but it is possible to search using a handheld
device.
The current maximum range of an RFID signal is 10 metres for a handheld
detector combined with the latest UHF tags, so the method would not be simple
but it would be a vast improvement on manually searching every nook and
cranny.
Unused hardware would be located and the inventory could be checked to
determine whether there was any licensed software on board using up a licence
key that could be applied elsewhere.
The need for a software inventory has led to the situation where licence
management is a component part of high-end suites such as HP Openview, IBM
Tivoli and CA Unicenter. These are mainly sold to companies that would tend to
apply for site licences to ensure compliance with licensing rules for key
applications rather than worrying about juggling individual licences.
For instance, HP offers licence management as part of its Openview enterprise
systems management offering. Ian Curtis, HP's software director for UK and
Ireland, said this had been enhanced by the addition of technologies that came
with the acquisition of IT asset management firm Peregrine Systems.
The central piece is an asset management module that not only details
hardware assets but also the software inventory of each computer on the network,
bringing Openview into line with other suppliers' products.
Wang said larger companies were trying to move their suppliers away from
individual licensing. "If given the opportunity, enterprises plan to move away
from the named-user model.
We expect this dissatisfaction to continue through 2008, when new licensing
models around business processes and virtualisation technologies will be
introduced by suppliers as standard and accepted by large enterprises."
All embracing licences only work with widespread applications such as office
productivity suites, core databases and ERP/CRM systems. At some point all
companies have to handle more limited licensing.
Options become reduced as company size decreases. The cost benefits of site
and enterprise licensing is eclipsed and alternatives such as concurrent
licensing and named-user licensing are inevitable.
At this level there are options in the less expensive management suites for
licence management along with inventory and deployment. Companies involved in
these areas include BigFix, Vector Networks' PC Duo Enterprise, Managesoft and L
Aesk.
Alternatively there are products that specialise in licence management.
Suppliers in this field include Sassafras Software, Scalable Software, and
Palamida.
Typical features of these packages are the ability to control licences for
internally developed software as well as externally sourced applications.
Amy Konary, programme director for software pricing, licensing and delivery
at analyst firm IDC, described asset management as having three processes. The
initial phase is the discovery of hardware and software within the environment.
Licence management is the important task of monitoring and controlling the
number of seats available for each package. Finally there is software metering
to determine who is using specific software, rather than merely owning it.
Konary said, "Compliance is one benefit, but a more enticing benefit is the
ability to better control, manage and predict software usage to help plan for
future purchases more effectively and avoid overbuying.
Although software suppliers typically make it easy for customers to buy more
software, they do not typically make it easy for customers that bought too much
in the first place and want to downsize."
IDC predicts worldwide revenue associated with software product lifecycle
management will grow at 24.3% from 2004 to 2009 to reach £550m by 2009.
According to Konary, the US will account for half of this total revenue. One of
the reasons for this is the country's more stringent laws controlling company
governance.
In the near term, there is the problem of web services and how licences could
be adapted for the fragmented applets that will form the applications of the
future. Wang said, "You could potentially price by process, or price by a module
of services relating to a process, or you could take it to another level of
abstraction where you can use a collection of services if you are in this role.
This is where role-based pricing comes in."
The web basis of the services means that it would be possible to charge on a
per use basis or on a contract basis. Suppliers will want customers to use as
many of their web services as possible and that is where Wang sees role-based
pricing coming in.
Microsoft is defining different combinations of its Visual Studio Team System
and corresponding subscription offerings for three roles: architects, testers,
and developers. It is also showing signs of preparing the ground for roles in
its Office suite by defining numerous package combinations for the 2007 Office
System.
Although no supplier has yet developed role-based licensing, Wang believes
Microsoft is closest to it. "It has rolled out user-based pricing based on
significant building of software based on roles and as it does that it has the
capability to price by roles. This will definitely give Microsoft the advantage
of eventually building web services around these roles - if it chooses to do
it.
Which software is hardest to track?
Auditing software has difficulty identifying programs that:
- Do not update the operating system management controls completely or
correctly
- Do not appear in its list of recognised applications
- Do not leave evidence on a hard disc or in memory
- Reside on an unsupported platform
- Reside on machines that are not active; for instance, never turned on, or
never connected to the network.
Source: Ovum
Vote for your IT greats
Who have been the most influential people in IT in the past 40 years? The
greatest organisations? The best hardware and software technologies? As part of
Computer Weekly?#8364;™s 40th anniversary celebrations, we are asking our readers who
and what has really made a difference?
