HOW TO SURVIVE A SOFTWARE AUDIT AND DEAL WITH A REQUEST David Chamberlain / General Manager SAM Services 19 July 2012


Post on 24-May-2020


Agenda

License Dashboard - Who are we?

Why have I been targeted?

What information does the vendor want and what are the risks of giving it?

Due diligence on your estate

Due diligence on your entitlement

Mitigation

Resolution/Rectification

License Dashboard in 60 seconds

Technology used to successfully deliver 1,000 SAM projects globally

Designed, built & maintained by licensing experts

Used by SAM and licensing consultants in Europe, US, Canada & Australia

Recognized by leading vendors

Microsoft (SAM partner), Adobe, Symantec, VMware and more

Technology supported by licensing expertise

Full range of Professional Services, SAM Consultancy & Licensing Advice

Delivery options to meet your needs:

Perpetual and subscription on-premise or Managed Service

The vendor doesn’t understand your organization

Merger/Divestiture

Global Organization

Complex Organisation

Revisiting a previous review

Exiting EA

Perceived irregularities with Licenses

Odd purchasing patterns

Maintenance no base

Inconsistent quantities

WHY HAVE I BEEN TARGETED?

The Vendor believes your installs do not match your entitlement

They will be asking you to declare your usage

They may challenge, test or sample that data

It is unlikely you will avoid, or even postpone for long, this request

You need to be confident the information you eventually provide is accurate and not overstated

Primarily you want to be assured the data you submit is not for more usage than you actually have

You will want to be confident that any minimizing of liability will stand up to scrutiny

You will want to retain in place some of the steps taken to respond to this request so that in future you can have confidence should you be contacted again by this or any other vendor

BOTTOM LINE

Must understand your estate

Must understand your software users

Understand what discovery capability you currently have

For areas of the estate with no coverage look at free tools or manual discovery

Understand what you actually need to measure

Obtain help or advice in areas of major risk ($)

TAKE CONTROL

Do you have any geographical challenges?

Will you need to report or exclude by Country of Use, Language, Trading Name or Business Unit?

Which areas are in/out of scope?

How many devices do you have?

Have disposals been appropriately managed?

Consider Active Directory to compare against discovery

Where AD is not up to date ensure it is cleaned!!

AD Tidy http://www.cjwdev.co.uk/Software/ADTidy/Info.html

Consider AV tool output to compare against discovery

UNDERSTAND YOUR ESTATE

Do you have any undiscoverable software usage?

Additional liability beyond an install: Citrix/thin client, Server Virtualization

Do you have any other device types that may require licenses?

PDA, iPad, Tablets, Tough books, EPOS

Are any devices test, staging, MSDN, DR, Training, WAH, strictly LOB only?

Identify and exclude from calculations devices that may not necessarily consume regular licenses

UNDERSTAND YOUR ESTATE

User CALs

CALs obtained for users with multiple devices

For mixed CAL environments can you demonstrate your counts?

Eligible Users

Often you are able to exclude ancillary or non computer users from this count

UNDERSTAND YOUR SOFTWARE USERS

Eligible Devices

For reference purposes, ““Qualified Device” means any personal desktop computer, portable computer, workstation or similar device that is used by or for the benefit of the Enrolled Affiliate’s Enterprise. It does not include (1) any computer that is designated as a server and not used as a personal computer, (2) any Industry Device, (3) any device running an embedded operating system (e.g. Windows Phone 7) that does not access a virtual desktop infrastructure, or (4) any device that is not managed and/or controlled either directly or indirectly by Enrolled Affiliate’s Enterprise. Enrolled Affiliate may include as a Qualified Device any device which would be excluded above (e.g. Industry Device)”

Eligible Users

For reference purposes, ““Qualified User” means a person (e.g. employee, consultant, contingent staff) who: (1) is a user of Qualified Device, or (2) accesses any server software requiring an Enterprise Product Client Access License or any Enterprise Online Service.

Processors/Logical Processors/Virtual Processors/Cores

Farms

WHAT DO I NEED TO MEASURE?

Many organizations already have some form of Discovery capability

Help desk systems, ITAM Solutions

Check its coverage across your estate

Compare with tidied AD data/AV Data

Disposed/retired/duplicate

Challenge its output

Sample devices

MSI vs .EXE

Which devices do not run COE and why?

Were the results as anticipated?

Look for areas of undiscoverable usage

ISA/Sharepoint Servers outside of DMZ

Remote workers

Citrix/Thin Client

Mission Critical servers with no discovery client

CALS

UNDERSTAND WHAT DISCOVERY CAPABILITY YOU CURRENTLY HAVE
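The cross-check described on this slide and on the earlier estate slide (discovery output compared with tidied AD data and AV data, looking for disposed, retired and duplicate records), as an added example that is not part of the original presentation. The host names, CSV column names and the 90-day staleness window are assumptions made for illustration.

```python
import csv, io
from datetime import date, timedelta

# Constructed sample exports; hosts and column names are hypothetical.
AD_CSV = """name,enabled,last_logon
PC-001,true,2012-07-10
PC-002,true,2012-07-01
PC-003,true,2011-11-02
PC-004,false,2012-01-15
SRV-DB1,true,2012-07-18
"""
DISCOVERY_CSV = """hostname
pc-001.corp.example
PC-001
pc-003
LAPTOP-77
"""
AV_CSV = """hostname,last_seen
PC-001,2012-07-18
PC-002,2012-07-17
SRV-DB1,2012-07-18
LAPTOP-77,2012-07-16
"""

def norm(host):
    # Compare on the upper-case short name so FQDN and NetBIOS forms match.
    return host.strip().split(".")[0].upper()

def rows(text):
    return list(csv.DictReader(io.StringIO(text)))

def reconcile(ad_csv, disc_csv, av_csv, today, stale_days=90):
    cutoff = today - timedelta(days=stale_days)  # assumed staleness window
    active, stale = set(), set()
    for r in rows(ad_csv):
        live = (r["enabled"].lower() == "true"
                and date.fromisoformat(r["last_logon"]) >= cutoff)
        (active if live else stale).add(norm(r["name"]))
    disc_names = [norm(r["hostname"]) for r in rows(disc_csv)]
    disc = set(disc_names)
    av = {norm(r["hostname"]) for r in rows(av_csv)
          if date.fromisoformat(r["last_seen"]) >= cutoff}
    return {
        "no_discovery_coverage": sorted((active | av) - disc),
        "retired_but_counted": sorted((disc & stale) - av),
        "not_in_ad": sorted(disc - active - stale),
        "duplicate_records": sorted({n for n in disc_names if disc_names.count(n) > 1}),
    }
REPORT = reconcile(AD_CSV, DISCOVERY_CSV, AV_CSV, today=date(2012, 7, 19))
```

Each bucket maps to a question from the slides: devices the discovery tool never saw, retired machines still being counted, devices outside AD management, and records that would be counted twice.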

Consider FOC Agentless discovery

MAP Toolkit

http://www.microsoft.com/en-us/download/details.aspx?id=7826

Spiceworks http://www.spiceworks.com

Check & sample the output!!

Cleansing of Discovery

Is licensable/freeware, Editions/Versions/Metric

Multiple versions

Suites

Virtualization

DRS, Affinity Rules, V-motion, license mobility

GET HELP OR ADVICE NOW!!

UNDERSTAND WHAT DISCOVERY CAPABILITY YOU CURRENTLY HAVE

Operating System Coverage

1. Optimum Scenario best value new purchase

Calculators available

2. Optimum Scenario utilizing existing licenses

Virtualization of Applications

GET HELP OR ADVICE NOW!

VIRTUALIZATION

Virtualization

V-motion - is it switched on?

Allows v servers to move between Hosts and increases the liability of every Host

DRS

vSphere Distributed Resource Scheduler continuously monitors utilization across a resource pool and intelligently allocates available resources among virtual machines according to business needs.

Affinity Rules

Can restrict the movement of V servers across Hosts reducing liability

Logs and reports available

Many Licensing Options

Can License the Farm, Physical Host or V Server

License mobility

Multiple instances per license

License Rules differ greatly by version release

VIRTUALIZATION

The Vendor will have records of your purchases through VLA

Retail/shrinkwrap/off the shelf are never recorded

The Vendor will have searched only on the names it knows

Mergers

Transfers

Spelling errors from the reseller

WHERE ARE MY LICENSES?

Find out who has historically supplied you your software

Obtain purchase reports from these resellers

Compare with Vendor data

Look for chronological gaps in the data

Test and challenge aggregate calculation figures

Licenses with no base

Technology guarantees

Grandfathering rights

Side agreements to EAs

WHERE ARE MY LICENSES?

From where do you purchase your hardware?

Counterfeiting

Base licenses

Can you obtain records

OEM licensing

Base license eligibility for SELECT/EA upgrade license

Server & CAL OEM

WHERE ARE MY LICENSES?

Co-operate - most reviews are unavoidable

Qualify your active actual estate - do not pay for retired or disposed of machines!!

Determine the parts of your estate that do not consume licenses - DR, Dev, Training

Test your Discovery output - Look for multiple versions per device

Understand your potential liability for virtual estate

Understand what your current licenses will enable you to do on that estate

Mitigation - If you have made errors understand the reasons why/how

Incorrect media

Affinity rules not set

Actual usage

SUMMARY

All vendors will seek to have shortfalls rectified in accordance with their EULA

They are duty bound to protect their IP

They will be reluctant to set precedent

Consider who from within the vendor is conducting the review

Compliance team

Tele sales type compliance

Audit Partner

Consider your anticipated future requirements

Do you have plans to upgrade or roll out to newer technologies?

Will this rectification achieve this?

Are you planning significant spend on other technologies with this vendor?

Many will seek a speedy settlement

RESOLUTION/RECTIFICATION

Coming next…

Life after an audit request

Making sure the pain does not continue

July 26th 2012 – 15:00 UK, 16:00 CET, 10:00 EST

Read the white paper

View a weekly live solution demonstration

Thank You www.licensedashboard.com