Software Auditing Firm vs. Software Asset Management Firm

At the beginning of a software audit, the software vendors will introduce you to your auditors. These people may be from an external auditing firm, like Deloitte or KMPG, or be part of an internal auditing team from the software vendor themselves. It might be tempting to assume that these auditors are the experts and will provide all the assistance you need to get through your software audit smoothly.

However, at MetrixData 360, we know firsthand how very little these auditing teams are invested in looking after your company’s interests or even represent your case accurately. We firmly believe that you will need a software audit defense team of your own to verify the auditor’s findings, and working with an external SAM team is an excellent way to create a strong defense.

But what exactly is the difference between blindly trusting the software auditors and getting your own team to defend you?

Software Auditors are hired by the Software Vendor

The first and most important thing to note when you are working with a software auditor vs. a SAM expert is that the software auditor has been hired by the software vendor and that will greatly affect their motivation during the audit. They may be paid based on how large a compliance gap they can find, and this will create a bias in their efforts.

If there are any grey areas or missing data, they will assume the most expensive scenario is the reality, and it is unlikely they will dig any deeper than that. Why would they? Further research will either present no effect or possibly negatively affect their final payment. 

SAM Experts are Neutral Third Parties

Software Asset Management Professionals, on the other hand, are people that your company hires, so they are here to represent your interests. Their goal is to keep things as legal, accurate, and cost-effective as possible. Where there are grey areas, they will seek out the answers — whatever those answers may be. At MetrixData 360, we always pride ourselves in defending the best interests of our clients and we usually charge based on a flat rate or on a contingency basis, and our approach has often led to whittling down seemingly huge compliance gaps to much more manageable levels (or even nothing!).

Software Auditors will Ask for Data Outside the Scope of Your Audit

We have often run up against software auditors who collect data that has nothing to do with the audit they have been hired to investigate. The reasons for this may vary: perhaps they aren’t finding the results they need within the scope of the audit and they are trying to spread their investigations elsewhere, or perhaps the software vendor is looking for data with a competitive edge that has everything to do with your next true-up and nothing to do with the audit you’re in right now. Blindly handing over data simply because it is what the software auditor asked for can easily put you at a disadvantage as you help the software auditors build a case against you!

SAM Experts Know What Data the Auditors Need and Which They Don’t

We recently helped our client drive their Oracle audit to a stalemate (a valuable thing, as it gave our client the time they needed to thoroughly prepare a defense for the audit that followed) simply because the software auditors asked for a piece of data, and we asked them to provide proof for how that data was relevant to the audit (hint: it wasn’t, and it would have been used against our client later).

SAM experts know how audits work. In fact, at MetrixData 360 we have it down to a science, and they know when a piece of data needs to be handed over and when the software auditors have taken too much liberty poking around your software environment. They can defend your best interests by keeping you from handing over documents the auditors don’t need to see.

Software Auditors will not Accept Data from Your SAM Tools

It doesn’t matter if your SAM tool is high powered or accurate, it might even be approved by the software vendor who is auditing you, but software auditors will usually refuse to accept data unless it is drawn by their own tools. There are a few reasons for this, but it is mainly because the auditors want consistent data that is arranged in a certain way to save themselves time.

However, this is a terrible situation for you, because you do not know what their SAM tool will pick up. It may not take into consideration the unique licensing metrics and complexities of your software environment, and it may come up with a wildly inaccurate number that will leave you blindsided and scrambling to disprove.

Your software architecture is delicate. What will happen if the auditor’s tool needs to be installed into your software environment and the tool damages it? Your first job during the software audit is to defend and prove the accuracy of your own tool.

SAM Experts Work with Your Tools and Come with Their Own

At MetrixData 360, we work with what you give us. If you have your own SAM tools, we can work with the data it provides us and supplements any missing data with our own tools. If you don’t have your own tools, we can use ours exclusively, so there’s nothing to worry about.

With a SAM expert on the team, you shouldn’t have to resort to throwing all the hard-earned data that you’ve gathered with your SAM tool in the trash just because the software auditors aren’t used to working with the format your data is presented in. We often advise advocating for the validity of your own SAM tool by asking your software auditors to use data samples to determine accuracy or agree to use the software auditor’s tools only to supplement for missing data.

Related: Interested in Learning more about SAM Tools? Check out our article:
What Are SAM Tools

Get Data Experts that Represent Your Interests!

Software audits are not everyone’s cup of tea, and the software auditors that attend them often do not make the matter easier. Between unreasonable requests, ELPs that claim you owe thousands more than you actually do, and aggressively short turnaround times, software auditors can make the challenge of defending yourself that much harder if you are left to rely only on their services.

It’s important that you have someone in your corner backing you, someone who knows the intricate and unique inner workings of your software environment and knows how to defend your interests so that you are paying only what you need. MetrixData 360 can give you that kind of support. We have helped many companies fight their way out of seemingly hopeless situations and saved them millions of dollars in the process. If you’d like to learn more about how MetrixData 360 can help you during your next software audit, you can check out our Audit Defense Service Page.

What is SCCM and How is it Used?

SCCM: what it is, what it does, and how it helps with your software asset management (SAM) solution

It is well known in the tech industry that Microsoft has created one of the most complicated software licensing schemes in the market; one only needs to take a look at Microsoft’s SQL Server licensing to see that much. Not only are their licenses hypercomplex, but they are also subject to change frequently. If you are a large organization, this means that a single change in licensing could affect thousands of products throughout your software environment. It can be a nightmare and a seemingly insurmountable task to manage this kind of complexity, which is why it is important to be aware of the tools that you have at your disposal to help you in this struggle, such as Microsoft’s very own SCCM.

At MetrixData 360, we are well versed with Microsoft’s products, including SCCM.

So, in this article, we will look at Microsoft’s SCCM; what it does, what it is good for, and how it can help you improve your software asset management solution within your company.

What is SCCM?

SCCM was originally published in 1992 under the name System Management Server (SMS); however, in 2007 it was renamed System Center Configuration Manager (SCCM) and may also be called ConfigMgr. SCCM can be described as a Microsoft management tool, meant to provide users with the ability to manage a large number of Windows-based computers.

Administrators using SCCM are given the ability to manage deployment and the security of devices and applications over a large and intricate enterprise software environment. Many administrators also use SCCM as an extra layer of security with the ability to create automatic patching. However, SCCM comes with many other features including remote-based control, patch management, operating system deployment, and network protection, just to name a few of its many features.

A free trial of SCCM is available for a short time; however, a license is required after the free trial has expired.

SCCM uses a single infrastructure to do its job, placing virtual machines, mobile devices, and physical machines under the same umbrella, giving the administration team control over a wide variety of tools and resources, either on the cloud or on sites. It allows the administrative team to discover service, desktops, and mobile devices connected to the network through the Active Directory and manage those deployments and updates on a device or group basis.

SCCM vs. SCOM

SCCM is often confused with Microsoft System Centre Operations Manager, SCOM. However, while they serve similar roles, these Microsoft products are not identical, SCOM allows administrators to monitor the health and performance of their IT environment, performing tasks such as deploying and managing operations, services, and applications within a software environment.

Both SCCM and SCOM exist as part of a larger family of products better designed to assist admin to manage applications and services, however, SCCM helps to primarily maintain the infrastructure security and make sure everything is up to date while SCOM monitors the services and devices and then shares that information in regards to your requirements.

What Can SCCM be Used for?

SCCM has a wide variety of uses including the ability to manage updates, provide a layer of protection against outside sources, deploy software, and can even protect you against compliance issues.

Since it provides you with such a wide variety of data, you can use SCCM to organize your software environment. You can also configure automatic alerts and automatic tasks to ensure you are updated on the status of objects and to ensure tasks are completed on time.

Using SCCM for Software Asset Management

While most organizations only use SCCM as an IT tool, it can also provide a wealth of information for software asset management. This is because SCCM will store inventory data that can be used to track assets.

One simply needs to ensure that SCCM is freed up using a web-based multi-tenant asset management system which will allow SCCM to be used for tasks beyond the IT Department, such as HR procurement and security. SCCM can provide you with the ability to plan and proactively dig down deep into the data of your software environment in order to ensure compliance and lower the risk of receiving a Software Audit, which can prove a costly and unbudgeted expense in these troubling times.

Related: Getting ready for a software audit? You can prepare by checking out our Software Audit Defense Procedure

Of course, there are limitations to SCCM since it can only provide you with so much information in a raw format. Often companies will use SCCM during the beginning stages of their software asset management solution in order to gain a footing before eventually migrating to a specialized SAM solution.

Getting a Handle on Your Software Asset Management Strategy

Software asset management is a difficult task for any organization with an intricate software environment. It is important therefore to ensure that you have every available tool at your disposal to help you achieve this goal. Not many companies consider SCCM as a valuable tool in their efforts to reach compliance and optimization.

At MetrixData 360, we often use our client’s SCCM tool to assist in our efforts to gather our data, which, in turn, ensures our customer’s compliance, optimization, and software licensing confidence. If you would like more details about how MetrixData 360’s approach can save you big on your software expenses, you can check out our SAM COMPASS service page by clicking the link below.

2021 Predictions: What to Expect from Software Vendors

It’s almost over, this terrible, awful, no-good year is almost over. Let’s have a recap:

  • Plague
  • Famine
  • Economic collapse
  • Pestilence
  • Violence
  • Murder Hornets

Did I get everything? Probably not but that’s all behind us now. It’s a new year and hopefully, hopefully, it will be better than the last. Last year around January, I wrote a piece about where MetrixData thought 2020 was going and a few predictions we had about trends we were noticing in the tech industry. At the time, COVID was just an outbreak in China that was steadily inching closer to my hometown. Then March struck and that piece got sidelined real quick because the future was suddenly very dark and unpredictable. Now, we’re still stuck in that turbulent time, and rolling with the punches is our only strategy because who knows what’s next? At MetrixData 360, we thought this year we’d give our tentative outlook for 2021, with a lot of wriggle room in case 2021 is as full of surprises as last year. So, what does 2021 have to throw at us after the chaotic dumpster fire that was 2020?

2021 Risks to Think About

There are a few worse case scenarios that must be taken into consideration when forecasting 2021. While 2020 has proven that it’s always best to keep an open mind about what will happen next, a few of the worst-case scenarios that could possibly play out include:

  • The virus may not be under control by the end of 2020:
    • the thought of a second year of lockdown is enough to make you cry, but it is a reality that must be taken into consideration. If an effective vaccine is not out by 2021, then that means that we might face a third or fourth wave followed by the appropriate restrictions and lockdowns. This will further postpone economic recovery and resuming our normal lives. Even if a working vaccine is announced, it will take months to distribute and to assess its effectiveness.

 

    • COVID mentality will not be shaken off so easily: There will likely be a transition period, while people shake off that 2020 storm-weathering mentality. Many people may choose to remain remote for fear of contracting the virus. While local tourism might increase out of a desperate desire to get out of lockdown, far-flung holidays to remote locations may be postponed until 2022 for fear of being stranded overseas. Many people and businesses will find themselves staying afloat financially only by the skin of their teeth, and for some people, their jobs will not be coming back after COVID, and so will be either unwilling or unable to flaunt any spending money.

 

  • 2021 recession or rebound: It might be important to keep that storm-weathering mentality and hunker down for a 2021 recession, which some economists are predicting. The US dollar has a 50% chance of doing a double-dip recession by the end of 2021. Although other economists are predicting the economy will ramp back up as businesses open again, deals that were postponed are picked up again and employees who were laid off during the pandemic are sent back to work.
Related: Want to learn how to save money on software during COVID? You can watch our video on how to save money during a pandemic.

As you can see, a lot can happen in the upcoming year, we may not be out of these treacherous waters just yet, but what kinds of things can we expect without any unexpected turns?

Tentative Return to Work

Many companies are expected to be heading back to work either on a partial basis or in a manner that allows employees to effectively social distance. If companies were not already on the Cloud when the pandemic struck, there was a hasty adjustment period, where companies scrambled to assemble some kind of Cloud infrastructure that would allow them to keep their business running, forcing companies to technologically jump several years ahead. Since a Cloud migration is typically seen as an expensive endeavor, it’s unlikely that going back to the office will result in a complete dismantling of their efforts. So, the Cloud platforms will likely stay, which could easily lead to a more flexible work environment for employees. Many analysts predict that our working situation in 2021 will look more like 2020 than 2019, as those who enjoyed working online will most likely push to remain so. What this means is that companies will now have a global pool of candidates to pick from while also have to compete for good candidates on a global scale with other companies.

Aggressive Audits

The software industry took a definite plunge over the past year, with sales reaching a vicious low when it came to licenses. The exception to this rule of course, was telecom software, with both Zoom and Microsoft’s Teams taking off in popularity. Despite this growth, many software companies experienced significant losses in 2020. This means we will most likely be seeing an aggressive wave of software audits soon. The software vendors also demonstrated significant generosity towards their customers during the pandemic, with free offers, customer packaging, and a hold on true-ups and negotiations. However, their generosity will be coming to a close soon, so it is important you clean your profiles of any programs whose free trials have expired and get started in preparing to meet a far less generous software vendor during your next true-up.

Related: Don’t let the software auditors catch you off guard with our Software Audit Checklist

IT Security Threats on the Rise

The swift migration to the Cloud during the beginning of the pandemic resulted in a lot of hasty constructions of the cloud infrastructure, basically, they just needed the bare minimum to get going. What this has left us with are platforms that may not be the most secure. Think of all the businesses that couldn’t provide their workers with their own unique devices and those employees were forced to use their own laptops, which may easily be dated or perhaps already burdened with barely contained malware. It is suspected that 2021 will see cybersecurity being one of the many daunting challenges companies will have to face, such as an increase in Ransomware attempts, phishing, and IoT attacks will all increase as businesses struggle to protect their new cloud environments.

Related: Protect your Software Environment with our article, How SAM Can Improve Your Cyber Security

Get Ready for 2021 with MetrixData 360

2021 is upon us and as we leave this awful year behind it is important to keep looking ahead and prepare for the worst but hope for the best. Nothing prepares you better than having a software environment that is organized and under control. At MetrixData 360, we provide our customers with the ability to sleep easy at night, knowing their software environment is compliant and cost-effective.

IT Security Threats on the Rise

The swift migration to the Cloud during the beginning of the pandemic resulted in a lot of hasty constructions of the cloud infrastructure, basically, they just needed the bare minimum to get going. What this has left us with are platforms that may not be the most secure. Think of all the businesses that couldn’t provide their workers with their own unique devices and those employees were forced to use their own laptops, which may easily be dated or perhaps already burdened with barely contained malware. It is suspected that 2021 will see cybersecurity being one of the many daunting challenges companies will have to face, such as an increase in Ransomware attempts, phishing, and IoT attacks will all increase as businesses struggle to protect their new cloud environments.

How To Prepare for a BSA Software Audit

Receiving a BSA software audit can be just the thing to ruin your day or your month. The Business Software Alliance (BSA) is an industry trade group that acts to defend its members, including large software corporations like Microsoft, from copyright infringement. They are also the top advocate for technological innovation.

The BSA’s software audits are a special kind of painful, and MetrixData 360 has just the remedy for that type of pain. Having spent many years in the software asset management industry, we’ve been able to get our clients out of the stickiest situations. So, let’s talk about BSA audits and how you can prepare for one.

What Is a BSA Software Audit

 

Software audits are the review or analysis of a piece of software to ensure several different regulations are being properly adhered to. The reasons for instigating an audit vary, but include:

    • Checking Compliance
    • Ensuring that the piece of software is working properly
    • Investigating the proper configuration of a piece of software within an environment

 

Generally, software audits form an excellent stream of revenue for software vendors, since compliance gaps are often resolved with the purchase of more licenses to drive up the vendor’s sales and market value.

Having a strong defense for software audits is critical to ensure that you are not left paying out millions of dollars in unneeded fines.

What Causes a BSA Software Audit?

Regular software audits from a software vendor occurs for a variety of reasons.

  • Their revenue has taken a sudden dip and they are trying to make up for the losses
  • Your company has gone through a merger and acquisition, and it’s likely that your software licensing environment is messy after the move
  • Random selection, some software vendors issue routine software audits on a regular basis regardless of whether their clients have shown any red flags for compliance issues. There’s little you can do about it just being your turn.
  • You have rolled back on purchased licenses suddenly and without explanation
  • You have gone through a software audit before and the results revealed a huge compliance gap. The software vendor will assume you’ve fallen back into old habits.
Related: Avoid inciting an audit. Check out our article:
How to Avoid Software Audits

However, the thing that incites a BSA audit is a little different.

The BSA has telephone hotlines and radio stations where they encourage disgruntled employees and vendors to make anonymous reports and complaints about companies in violation, regardless of size.

These informants are further incentives by the potential of a reward for any leads into instances of the unlawful installation of software.

Of course, the BSA will consider any installation without a proper receipt or proof of purchase as an unlawful download. For each report, the BSA will decide if they will request a self-audit or if they will go straight to a lawsuit but usually, they will ask you to conduct a self-audit first.

A self-audit will give you the chance to run your own internal resources and use your own software audit team to compile your defense.

The Tools and Process of a BSA Audit

Since the BSA audit will be a self-audit, you will be allowed to use an internal staff or a third-party firm to gather your relevant information, which will include proof of purchases or receipts for all the versions of software and all the computers that you have in your software infrastructure. Make sure you pay close attention to this collection phase, since the BSA may mark free versions or old versions of the software as unlicensed.

The BSA may offer you software tools in order to collect the relevant data, but these free discovery tools may easily miss critical information. They may mark free or test/dev software as fully licensable or they may fail to accurately capture the intricacies and uniqueness of your software environment.

When in doubt it’s always best to use your own software inventory tools.

Related: Want to learn more about SAM tools? Get started with the basics:
What are Software Asset Management (SAM) Tools: Functions, Advantages, and Disadvantages

What Are the Fees Associated with a BSA Software Audit

The most worrisome difference, and the one that is on everyone’s mind, is the price tag associated with the BSA audit.

A regular software audit is sent out by the software vendor on a systematic basis to their customers to ensure the proper use of their software. They usually send you one of two types of software audits: a review or an audit.

Reviews are voluntary and the only payment you have to make is the purchase of the licenses you are found to be owing.

Official Software Audits are distinctly not voluntary, and if you are found out of compliance to a significant degree (every software vendor is different but for Microsoft, you only need to be out of compliance by 5%) you will be asked to pay for the missing licenses, along with additional fees, and you will be burdened with covering the expense of the software audit.

Those are the two types of fees you can expect when the software vendor audits you. When the BSA audits you, it’s a whole different story.

When the BSA audits you, they will expect you to perform your own internal audit and provide them with the results. After receiving your findings, the BSA will fine you based on any illegal duplications or unauthorized use. This may be difficult to prove and, in some cases, even something like a proof of purchase will not be enough to satisfy the BSA standards. If that is the case, the fee can be staggeringly high — up to $150,000 USD per infringement, which is a reeling sum, especially for smaller businesses.

What Should You Do When You Receive a BSA Audit Request?

  • Respond

While one must be always worried about legitimate claims from untrustworthy sources, if you can affirm that the letter does in fact come from the BSA (and feel free to verify it with a lawyer), then it is always best to respond.

Even if the only thing they are asking for is a self-audit, refusing to comply will result in the BSA escalating things straight to litigation. If you were to refuse the demands of the BSA, it will make it look as though you have something to hide and will send a red flag to your software vendors.

  • Ensure Confidentiality

Set up a confidentiality agreement between yourself and the BSA, this will determine the scope of BSA’s investigations and will limit the BSA’s ability to use the data you provide to them in court. If they provide you with a NDA to sign, make sure to read it carefully to ensure it protects your own rights as well as that of the software vendor.

  • Start to Gather all the Relevant Material

You’ll need to compile all the data that will be required for this self-audit. This will probably take about 3 to 4 months to gather completely, depending on the size of your software licensing environment, so it’s best to get started early.

The types of things you’ll be gathering are:

  • List of software products that are part of the BSA membership that have been installed as of the date the BSA letter was issued.
  • Proof of purchases — usually an invoice will be fine when it comes to the BSA.
  • A list of your software inventory

How to Handle Software Audits with Confidence

Software Audits are no one’s cup of tea, and when it comes to the software audits that the BSA dishes out, they tend to come with an extra dose of difficulty that can leave many companies stupefied.

Being stuck paying out millions of dollars in fines that you don’t owe is hardly an ideal scenario and, what’s worse, is that it is completely avoidable. There’s a way to get around this.

At MetrixData 360, we know how to deal with these types of audits and we have defended our clients in the most challenging times. If you’d like to learn more about MetrixData 360’s approach to audits, you can download our Audit Defense Procedure for an in-depth step-by-step look into handling an audit.

Windows Server Licensing Explained

Windows Servers licensing is not an easy concept to wrap your head around. Next to SQL Servers, it is one of the most complicated licensing models Microsoft has to offer, perhaps one of the most complicated licensing models period. It might be as entertaining as watching mud dry and as complicated as today’s political climate, it can be mastered with the right tools at your disposal.

At MetrixData 360, we specialize in the toughest licensing that software vendors can offer, even software as complicated as Windows Server. So, we thought we would go over some of the basics you will need to know when ensuring compliance with your Windows Server licensing.

What is Microsoft Windows Server?

Windows Server is an enterprise-class server operating system, with the purpose of sharing services with multiple users and providing administrative control over storage, applications, and corporate networks. Since its release in the early 2000s, Windows Server has served as a critical element in the software infrastructure of many organizations to this day. Among the current Windows Server editions, each has its own slightly different licensing metric. Due to the nature of these servers, it can often be quite difficult to license them and to ensure one is properly licensed.

Types of Windows Servers

Windows Server Essential

Ideal for anyone anticipating eventual mobility into the cloud, this server has built-in integration with Office 365 hosted services.

Windows Server Essential follows a Speciality Server licensing model, meaning it is licensed per server. The upfront cost for Windows Server Essential, which is significantly lower than the other models, is the majority of what you will have to pay for the server. It’s priced as such because Windows Server Essential is unique in that there is no need to buy additional users or device Client Access Licenses (CALs) after the initial purchase. Instead, the server has a cap limit on the number of users and devices that can access it.

Customers can choose between using up to 25 named user accounts or installing Windows Server Essential on no more than 50 devices. For this reason, it is best suited for smaller companies that have minimal anticipated growth over the next two to five years.

Windows Server Standard Edition

Proving the happy medium between Essential and Datacenter, Standard Edition offers a solution that is similar in function to Datacenter but is closer to the cost of Essential, making it suitable for a medium-sized company.

It offers the ability to run two virtual machines, along with fully integrated services and direct access for users. It follows a core-based licensing model and requires CALs. Due to this fact, purchasing a Standard edition is a little tricky, since you must purchase 16 cores per server and you will also require additional purchases if the number of cores per server is greater than 16. If a business requires more virtual machines than the two offered by the Standard edition, then the Datacenter edition should be considered.

Windows Server Datacenter Edition

The most advanced and expensive of the Windows Servers, the Datacenter Edition offers the ability to run an unlimited number of virtual machines and can effectively meet the demands of large enterprises with larger IT infrastructures. Just like the Standard Edition, the Datacenter Edition follows a core-based licensing model. The greatest drawback of the Datacenter Edition is its cost, which is roughly eight times the original price of the Standard Server.

What is a Core-Based Licensing Model?

If you have Windows Server Standard or Windows Server Datacenter editions, then you will have a core-based licensing model. A core-based licensing model means that the number of licenses that you need is determined by the number of server cores inside the number of processors.

This type of model was introduced in 2016 with Windows Servers, and this was done in order to provide a more consistent licensing metric across Cloud platforms and to allow for easier cloud mobility.

The three basic rules that you must adhere to with the core-based licensing model are as follows:

  1. Every processor must be licensed to cover a minimum of 8 cores
  2. Every server must be licensed to cover a minimum of 16 cores
  3. All physical cores in a server must be licensed

When adhering to the core-base licensing model, you will need to first have a base license that covers 16 cores. if your server has more than 16 cores, any additional cores will require additional licenses. All additional licenses come in increments of 2, 4, and 16 cores. Additional licenses are also required when using more than two virtual machines (VMs) on a Windows Server Standard edition.

No additional licenses are required for VM’s that are run on Windows Servers 2019 Datacenter. Should you be running an application on the Windows Server such as a SQL Server or an Exchange Server, then the general licensing rules for the server application must be applied.

Related: Trying to get a handle on your SQL Server licensing as well? Check out our article: SQL Server Licensing Explained for a deep dive into Microsoft’s most complicated licensed product.

Client Access Licenses (CAL) and Remote Desktop Service (RDS)

After you have your cores figured out, you will need additional Client Access Licenses (CALs) to cover every user or device which connects to the server. CALs are distributed based on unique persons, described as users, or devices. It should be noted that depending on whether you choose to license per user or per device can greatly influence the overall cost of your licenses.

CALs can be considered keys, in that every person or device will need their own separate key to access the server, which will require its own license in the same way that a door requires a key for its lock.

CALs come in packs of 1, 5, 10, or 50. Once a user or device is given a CAL, they will have access to any Windows Server of the same edition or lower, so long as the server software is running on Customer’s Licensed Servers.
For example, a user with a Windows Server CAL 2012 may access a Windows Server 2008 edition or a 2012 edition, however, they could not access a Windows Server 2016 edition. Mixing and matching Window Servers and CALs can become quite confusing and you should consult a licensing expert before configuring your licenses in such a manner.

Remote Desktop Service (RDS) CALs, previously known as Terminal Services, will also be needed for users or devices who wish to access programs or full desktops remotely. Both a CAL and an RDS will be required for remote desktops, with the only exception to this rule being if two users or devices are accessing a server software but only for administrative purposes in which case there is no need for either a CAL or RDS. An RDS will allow the remote access of applications for a wide range of devices and network connections.

Windows Servers in Azure

Microsoft’s cloud platform, Azure, has adopted the ability to license Windows Servers in its own complicated manner. There are many different ways to license your Windows Servers in Azure including but not limited to:

  • Building Windows Servers directly into Azure through the use of Azure virtual machines: this can often be an easy solution to implement, but an expensive one, as the cost of Azure virtual machines will simply be added to your overall cloud spending, which can certainly accumulate without proper regulation to limit rampant spending.
  • Hybrid Benefits: considered the new way to license, although, you will need to use your own activation method such as a KMS Server or a MAK key.
  • A License in Windows Server Cannot Move within a 90-day Period: it is important to note that license mobility and SA benefits do not apply to Windows Servers.

Virtual Machines and Windows Server

Simply because a server is only virtual, it does not remove the need for a license, as virtual instances of Windows Server must be licensed under its host, and the host license must account for virtual machines.

In the scenario where clusters of virtual machines are free to move between hosts, all potential hosts must be licensed as if they were the current host. There is no need to count the host operating system or provide it with a license as long as the operating system is used only as the hypervisor to run the virtual instances.

The exception for this scenario, of course, is Windows Server Datacenter editions, where each host only needs to be covered with 16 licenses, this will give them the right to unlimited virtualization.

Stacking licenses is the practice of using multiple Windows Server Licenses, either Standard or Enterprise, in order to properly license multiple virtual machines over multiple hosts.

It can be quite difficult to figure out the correct number of licenses to fully cover a virtual server, however, when this limit is reached the licensed host is considered licensed for capacity; the same is applied to a host or cluster which is described as licensed for capacity when it has a finite number of virtual servers allotted to it.

Related: Want to Learn More about Virtual Machines? Check out our article: All About Virtual Machine

Need Help With Your Windows Server Licensing?

Windows Servers are critical elements to your software environment; however, their usefulness shouldn’t be tempered by the difficulty surrounding their licensing. Having a strong understanding of what you need to buy and how best to buy it will give you the confidence you need when confronted by Microsoft’s sales reps.

At MetrixData 360, we specialize in difficult licensing structures, the likes of which would leave most people’s head spinning. Our licensing experts thrive in the most challenging of scenarios, and our SAM Tool is equipped to quickly handle the most complicated of Windows Server licensing scenarios.

If you would like to learn more about our services and how well we can help you license your servers in a way that can save you money while keeping you in compliance, you can check out our tool page using the link below.

What is Active Directory (and how to use it to save on Software Licensing)

What is Active Directory? The Active Directory is an extremely popular directory service used by the vast majority of Fortune 1000 companies in the market today. It is also perhaps one of the most critical elements within your software environment, so knowing what it does and how it can benefit your efforts in taming this unruly technological beast that is your software environment is essential.

The Active Directory can be a confusing place. However, at MetrixData 360, we often find ourselves working with our customers’ ADs and we know how overwhelming an experience it can be without the proper assistance or knowledge.

We know how an Active Directory works, and we know how to make it so that it can assist you in your software asset management efforts.

So, in this article we will examine the Active Directory tool: what it’s used for, how it works, and how it can be used in software asset management.

What is the Active Directory?

Active Directory is a feature of the Windows Server Operating System and acts as a critical element in many companies’ software infrastructure. For a Windows-based environment, almost all applications and tools are put through the Active Directory to allow for authentication and directory browsing. The Active Directory is broken down into two parts:

  • The Database:

The database is also known as the directory, which is comprised of the most critical info about your environments such as users, groups, their passwords, their computers and their licensing restrictions and their permissions (e.g. You can allow all employees to see your company benefits but only permit the financial team to modify the document).

  • The Services:

This controls all the activity within your IT environment. This is meant to ensure that everyone is who they say they are, ensuring passwords and ID are correct and limits user access to certain information (authorization).

You can see how critical an active directory is to a software environment and you can also imagine that stability, availability, and security must be a top priority for Admin staff regarding the Active Directory.

How Does Active Directory Work?

While you could write a small book about the inner workings of the Active Directory, to put it briefly, it does not benefit a company to have their computers operating independently from one another: there needs to be an element of connection, with the ability to share information while simultaneously controlling access to sensitive information that should only be viewed by authorized employees.

If all this information is stored in a central location, it can greatly improve productivity. Picture the AD like a phone book, matching names to numbers and locations (although that is only one of the things AD organizes). This pool of data is arranged hierarchically. AD has a few main structures it relies on:

  • Domain: Any related group of users, computers or other objects, there are also sub domains or Children of top domains, which may act as smaller groupings within the Domain.
  • Trees: Multiple Domains grouped together
  • Forests: Multiple Trees grouped together
  • Schemas: Definitions of all the objects which are used to make sense of the storage systems of every forest.

Active Directory in the Cloud

With the vast majority of modern businesses existing now in the Cloud to some extent, IT professionals may be wondering about how their Active Directory will be able to effectively translate to this new environment or if it will even survive the move.

Sadly, the Active Directory cannot easily be transferred to the Cloud despite the growing popularity of Cloud solutions among the IT department. This is mainly due to the fact that the Active Directory was first published in the late 90s, where the main goal was simply to get every office worker a computer.

The Active Directory helped to ensure that these computers were controlled and monitored under one system. While it may be difficult to move your Active Directory from on-prem to the Cloud, there is also the available counterpart of Azure Active Directory, which allows users that same level of control over external resources (Microsoft 365, Azure portal and similar SaaS applications) and internal resources (applications on your organization’s intranet and cloud apps developed by your own organization).

A basic version of Azure AD is available as a free feature to those who are subscribed to any Microsoft Online business service, with more premium versions requiring licenses.

Related: Moving to the cloud can be a costly occasion.
Here are a few hidden costs you should be aware of!

Active Directory and Software Asset Management

Because so much is stored in the Active Directory, many companies let their Active Directory become disorganized, and some companies do not allow easy access to their Active Directory.

The Active Directory, as a result of this lack of upkeep, could have large amounts of data that is dated and a record of assets that have long since been retired while still seeming as though they are in use. Despite this disorganization, the Active Directory is one of the first places that the software auditors look to when conducting an audit.

They will take the information stored in the Active Directory and build a compliance gap based on that information. This is why having a clean Active Directory that is up to date and comprised of only assets that are currently in your infrastructure is important if you want to avoid unwarranted auditing fines.

Your Active Directory also allows you to have a clear picture of all your assets in one place and as such can prove a valuable tool in your software asset management efforts.

At MetrixData 360 we often consult our clients’ Active Directory when we first begin cleaning up their assets. This gives us a starting point for what assets need to be hunted down, and what assets can be cleaned up.

Related: Ready to Get Started on Software Asset Management?
Check out our Beginners’ Guide to Get Started!

MetrixData 360 Active Directory Reporting Tool

Having a clean Active Directory is imperative in your efforts to keep your software environment organized and ready for whatever this tumultuous year can throw at your business.

At MetrixData 360, we have created our own tool to help with the difficult task of cleaning up your Active Directory. Our Active Directory Reporting Tool is specifically designed to be adjustable, scalable, quick, easy, and safe to use. Our clients have found our tool valuable in its ability to complete months of work in seconds.

An accurate depiction of what you have, what you need and what you don’t is at your fingertips with our Active Directory Reporting Tool.

For more information about what our Active Directory tool does, and to see it in action you can check out our Active Directory reporting tool page.

Convincing Your Boss to Upgrade Your SAM Strategy

Convincing your boss to bring on a team of people is no easy task. You want your boss to think you’re capable, that you’re the one-person army you promised when they hired you. However, if you’ve been handed the task of managing the software assets of your company’s entire software architecture, then you may have quickly discovered that you can’t, in fact, do it all. There’s no shame in that, especially if such a large job has been prioritized as little more than a side project to be put on top of all your other work, we’re only humans, after all. We get tired, burned-out and even the hardest working among us can’t take on the gigantic task of enterprise-level software asset management alone. So how do you convince your boss to expand and bring on a team?

At MetrixData 360, we have been in the software asset management game for many years now and we have seen the consequences of companies not having a proper SAM solution in place only to have a software audit hitting them like a shovel to the face.

In this article, we’ll break down how you can get your leadership to invest in software asset management, so the task doesn’t fall solely on your shoulders.

Convincing Your Boss a Software Asset Management Expert is Best

Software Asset Management is a relatively new industry, with few people understanding what it is and even less understanding the need to invest in it. So, if you want the help you require, you’ll need to convince your boss of  the value of bringing on software asset management expertise.

Let’s look at the various skills that are required for one person to successfully maintain their company’s software asset management strategy:

  • Legal Expertise: Licenses, contracts, and how to read between the fine print are all necessary skills when you’re breaking down software contracts.
  • Vendor Expertise: Technology is constantly evolving, and your software vendors are constantly making changes to their product line and the licensing associated with it. Vendors can make changes that will affect your licensing hundreds of times a year. Keeping pace with the changes of even one vendor is considered an accomplishment.
  • Negotiating Expertise: Knowing how to handle contract negotiations, contract renewals and software audit negotiations will be an important element of a SAM expert. There’s no point in discovering these saving opportunities if they can’t talk the software vendor into making your contracts reflect those savings.
  • Technical Expertise: It helps if you actually know how the software you’re dealing with works and how it interacts with the rest of your software architecture.

As you have probably figured out from this robust list, being an expert in any of these fields would be a full-time profession. The main appeal of seeking external SAM expertise is that you will instantly have a team of experts from the second they walk through the door.

Providing Options to Expanding Your SAM Team

It’s important that you don’t frame your proposal to your superiors as a win-lose/yes-no scenario, try to present options to your boss. When confronted with the situation of needing more manpower for your company’s software asset management goals, you have a few options at your disposal.

Hiring a Full-Time, In-House Team

Building an internal team is both costly to initiate and upkeep over the long term. You may also have trouble finding someone to fill the positions you need, you don’t have the time to train a new college grad and the seasoned veterans in the software asset management community know that they’re in high demand.

Hire External Experts

Hiring an expert offers the greatest long-term value with a reasonably smaller upfront cost since they offer a wide team of experts from the second they walk through the door and their specialization can be hand-tailored to your time frame and challenge.

While there is the issue of becoming dependent on the SAM experts’ services, MetrixData 360 counters such issues by offering training wherever possible to our customers.

Hybrid Solution

Some organizations may only need assistance in specific areas. Perhaps you already have a SAM tool installed and merely need someone to manage it or your company excels at day-to-day SAM but needs assistance in an audit. Either way, there are many SAM solutions to pick from that can accommodate your unique case.

Have a Clear Goal for Your Company’s SAM Journey

As you may have already discovered, Software Asset Management can prove to be completely overwhelming. The sheer amount of raw data your discovery tool can drag in is enough to discourage and confuse anyone whose brain isn’t built with a motherboard.
A fully optimized SAM solution also isn’t gained just with the mere installation of a discovery tool, although that is an important element to it. There are five stages of SAM maturity:

Chaotic:

Exactly what it sounds like. There’s no visibility into your software environment, it’s anyone’s guess how many licenses you use or need. When an audit comes, there’s a lot of scrambling and confusion, with only the auditor’s findings to go on — even though the chances are that you aren’t as far out of compliance as they say. The goal at this stage should just be to gain visibility.

Reactive:

At this stage, you have probably had a SAM tool installed and have some level of visibility, although software audits are still a matter of damage control and you still suffer from compliance issues. Now that you have visibility, your goal at this stage is to gain compliance.

Compliance Plus:

You’ve reached compliance, you have visibility into your software environment and problems found there are corrected before they are confronted in a software audit. From this stage your next goal is to start searching for saving opportunities.

Optimization:

At this stage you’ve reached peak optimization, you’ve made use of all the saving opportunities you’ve found. Now the next step is to solidify your efforts and to make sure the SAM processes you set in place outlast you by making them a part of your company’s regular procedures.

Amplified Value:

You’ve now achieved the ideal software environment. You have proper visibility and can handle a software audit like it is nothing. Your software environment is as efficient as possible, and you are only purchasing what you need. Best of all, the change will now be permanent for the betterment of your company in years to come.

Now, it’s important to understand that climbing up the SAM maturity ladder takes time and it may not be necessary for your company to reach the peak of SAM maturity. Assess where you want to go and where your company is heading and present your boss with a strategy to reach that goal.

Timing Your Request

Timing is everything. This is just a general rule, try not to come to your boss with your list of suggested SAM solutions when they are upset or frustrated, it might not bode well.
Take note of any of the more pressing issues that you are dealing with when it comes to your company’s software environment and frame your argument accordingly. If your company for instance, is dealing with an unpleasant software audit, then focus on more immediate and short-term SAM solutions as opposed to anything long-term. You’ll need to make a good impression.

Related: Need to convince your team about the value of Software Asset Management? Check out our article:
Promoting Software Asset Management to Your Team.

Getting a Handle on Your Software Assets

With so many organizations new to the idea of SAM, a lot of them are still writing the rules on what that process should be like and how many people should be given the task. If you find yourself overworked and burnt out because you’re trying to run your organization’s SAM with a penny’s budget and a scant team (if you have a team at all), then you’ve come to the right place.

At MetrixData 360, we pride ourselves in being both educators (so you can learn and improve your skill after an engagement with us) and SAM experts whose whole process from start to finish involves saving you money. Given our wealth of SAM experience getting our clients to the point where they are compliant while also cutting down unnecessary costs, we can create an estimate of the potential savings and Return on Investments of SAM Solutions. If you’d like to learn more about the kinds of solutions MetrixData 360 offers and which one would be best for your organization, you can contact our director of client success and you can expect a response in less than 24 hours.

Is Your Software Auditor Ignoring You?

You’ve almost made it through your software audit and you can see the light at the end of the tunnel. You’ve collected the data despite how much of a drain it was on your resources; you gave your best defense. And yet, it seems, your software auditor is ignoring you.

Now what?

On the one hand, it’s pretty great to be ignored; you can finally get back to business. If the auditors gave you the silent treatment before you settled, then any day where you aren’t writing a big fat cheque to the software auditors is a day well spent.

But on the other hand, this unexpected and uncertain silence has got you on edge, what happens if they come back? You want this audit to be over so you can rest easy at night but that can’t happen until it’s come to a satisfying conclusion.

At MetrixData 360, we have gone through many software audits before and we have helped our clients get out of the stickiest situations.

So, what do you do without that bitter conclusion to this otherwise unpleasant story? In this article we’ll cover what to do if the software auditors have given you the silent treatment.

Why Are the Software Auditors Ignoring You?

The software auditors are not exactly angry romantic partners. If they aren’t talking to you, you’re not about to send them a bunch of text messages, fill up their voicemail and send them apologetic flowers just to get them to talk to you again.

Oftentimes, you may feel like not seeing them again is preferable, but it is important to know why they have decided to take the approach that they have so you can approach this issue with confidence. After all, you need closure.

Many of our team members are ex-auditors themselves, so they know what is going through the minds of auditors when they give you the cold shoulder.

The Investment is No Longer Worth it

One of the main reasons why the auditors may have gone silent is due to the sheer dwindling of incentives. A software audit is supposed to be the software vendor’s cash cow, with your compliance gap expected to be large enough to force you to contractually foot the bill of the software audit process or, at the very least, cover the expenses of the investment.

Before a software audit even begins, the vendors and the auditors create a rough estimate of what they think your compliance gap will be and how much revenue they expect to accumulate during the process.

However, if your software environment is far cleaner than the software vendors anticipated, then the auditors can already see that they are not going to get the money that they thought they would before your software audit has even ended.

When faced with this conundrum, the software auditors may try to stretch your software audit into other products, this is called scope creep and can be avoided if you clearly define the scope of the audit during the kickoff meeting. If they can go digging for their anticipated revenue elsewhere, then your audit will be shelved for a later date, so that the auditors can work on more lucrative projects.

They Are Hoping to Use Your Data in Your “Next” Audit

You’ll find there is an audit clause in your licensing contracts (it’s almost impossible to get rid of it). This clause states that the software vendor has the right to audit their software for whatever reason they deem appropriate.

However, your audit clause may have a few more elements to it. For instance, it may outline how long of a down period your software vendor must give you between audits with the usual minimum time period being a year.

It is also possible to negotiate for other requirements such as forbidding your software vendor from carrying your data from one audit to another. This prevents you from being held accountable for compliance issues you’ve already resolved in the last audit.

However, the way the software vendors get around this obstacle is by keeping a software audit open for as long as possible. They can’t be in breach of their contract for auditing you twice in one year if you are still technically in the same audit, and they will be allowed to use the data they collected in the first half of the audit and bring it over to the second half if it is all technically one audit.

They are Worried About Your Relationship with Them

The software vendors want your money, but they also want your continued business. One of the less common reasons why an auditor may pull back from a software audit is if things have gotten heated, and they are worried about the long-lasting effects this will have on your relationship.

That is not to say that they have dropped the audit altogether, especially if there is evidence of a compliance gap because that means there is still money to be made. Instead, they may just be waiting for things to cool off between you two before starting things up again.

What Can You Do If You Can’t Get a Response from Your Software Auditors

You Have the Right to Push Back

It might seem nerve-wracking and rather exasperating to push for something you never wanted in the first place. But if you are confident in the quality of your software data and you feel like you are prepared and can no longer take advantage of this downtime, reach out to the software auditor to demand closure.

The ammunition for your cause is the fact that the time and resources you’ve put into this audit might amount to nothing. If the software audit lies dormant for too long, the data you have collected may quickly become worthless as your software environment changes.

If you decide to leave things unresolved, then you must be prepared to potentially start from scratch if your software auditors initiate your software audit again.

Should You Let Sleeping Auditors Lie?

The silence of the auditors can give you a much-needed reprieve to build a rock-solid defense for yourself and may allow your business a much-needed break from auditing pressures and the ability to get back to business as usual.

However, the only reason you would want an unsatisfactory conclusion to your software audit is if you know you have a large compliance gap.

It is a rare thing for those kinds of audits to go away quietly. It’s usually the audits that are not going to be as profitable as anticipated where enthusiasm is lost.

Take these things into consideration when you are planning your next move. A silent and unwilling auditor may be a good sign that your compliance gap will not be as painful as anticipated.

What Can You Do to Prevent This?

The best thing to do is avoid this situation entirely, if you can. If you are entering a software audit or if you’d like to get ready for your next audit without encountering non-responsive auditors, here are just a few things that you can do in order to prevent this from happening again.

Negotiate a Turn Around Time in the Kick-Off Meeting

Every software audit begins the same way, with a kick-off meeting. During the kick-off meeting, there are a number of things that you will need to bring up including the scope of the audit, the non-disclosure agreement that will be set up between the third-party auditors and yourself, and of course, the timeline. The timeline is a very important thing that you will have to negotiate because should the software vendors have their way, they will create a very unreasonable and tight turnaround time in order to get things done all the faster.

It is important you create a timeline that accommodates your business’s needs including your busy season, your working hours, or even your holidays. Never think that you need to give up your days on the beach just because the auditors have given you an arbitrary timeline.

Ensure that the timeline reflects what you believe is a reasonable length of time to perform the tasks they are asking. If left unnegotiated, we have seen companies have to review thousands of rows of data in only fifteen days.

Negotiate what kind of response time is reasonable for both yourselves and the auditors during the kick-off meeting. Bake it straight into your NDA that should the auditor not respond for a certain period of time (such as four weeks), then the software audit can be considered closed, which means at that time you’ll be in the clear to rest easy and not have to worry about an audit from that software vendor for another year.

Keep Careful Tabs of the Auditors’ Response Times

Now that you have a reasonable response time outlined, keep careful tabs of how promptly the auditors are responding. Try to keep things prompt and timely on your end because it is never a good idea to go dark on the auditors. Ignoring them will make it look like you are dragging your feet to participate in the software audit. Not participating in a software audit can result in you being found in breach of contract. So, keep the pressure on them and make note of any slow response times, this may be an indication that your software auditors are losing steam.

Have a Proper Response for Software Auditors

Software auditors may be a puzzle to deal with; they may have vague requests and tight turnaround times, but nothing is more confusing than when all you get from them is radio silence.

At MetrixData 360, we know that there are many issues that can crop up during a software audit, and it can be unnerving trying to figure out your best response, especially when the software auditors are giving you very little to work with. We know what the software auditors are thinking because we’ve been on the other side of things, and we know how to create a perfectly timed response to the auditors’ most vague and puzzling responses. If you’d like to learn more about the kind of services we offer, check out our audit defense service page.

Internal Software Audit

If a software audit was to come to your organization today, do you know what they would find? Or does the idea of a surprise audit fill you with dread and a general wave of anxiety over the unknown? Running an internal software audit can help ease that anxiety and give you peace of mind.

The majority of organizations do not have any sort of software asset management solution in place and, as a result, a software audit for them would only be a matter of damage control to stop the bleeding wherever possible.

Needless to say, this is not an ideal situation to be in. Especially in these hard times, the old solution of throwing money at a software audit until it goes away is a luxury few organizations can afford.

At MetrixData 360, we have seen companies struggle to get their software environments in order at the last minute. But it is possible to get out ahead of the game.

How do you maintain a clean software environment that is compliant and under control all year round and not just when the software auditors darken your door? Self-assessments and internal software audits are an excellent step to helping you get your software environment in order.

Why You Should Perform an Internal Software Audit

Internal audits may come across as though they are nitpicking and critiquing the work of the IT and procurement departments. While it’s natural to become defensive when an audit team takes a critical look at past behavior, an internal audit isn’t meant to be adversarial. In fact, the purpose of an internal audit or self-assessment is to safeguard the company, not pick it apart.

The actual reasons for performing these software audits can be broken down into two parts:

Control: Internal audits are an excellent way to gain control of your software environment in a way that ensures that you are compliant with your software vendors and capable of cutting back unnecessary spending. You won’t be able to do that without a team who can tell you what you have to fix without making it about you as a person.
Action: Merely reporting issues will get you nowhere. Being able to tell there is a fire (smoke, alarms, the heat on your face) is only the first step in putting out the fire. You still have to figure out what comes next. Internal auditors need to be able to provide you with actionable solutions to the issues in your software environment.

When Should You Perform an Internal Software Audit?

Timing is everything in the business world. When would be the perfect time to kick off an internal audit? If you are experiencing any of the following situations, then performing an internalized software audit is an excellent idea.

  • Feeling the Threat of a Software Audit

While software audits are sometimes distributed at random, and every customer should anticipate a software audit of some kind from each of their vendors at least once a year, there can be a certain rhythm to them that we have noticed at MetrixData 360.

Some common factors that can catch the software vendor’s attention and may lead you to receive an audit sometime in the future are as follows:

  • The vendor has seen a dip in their sales and they’ll soon become resourceful in making up that revenue
  • You’ve cut back spending with the software vendor
  • You’ve let it slip to a vendor’s sales rep that you are working on some new projects that will require more licenses, but that project is unexpectedly postponed and the licenses are never purchased. The vendor’s sales team waits impatiently, and nothing happens, not being told about the project being cancelled. They will think that new projects are underway involving their software that they are not part of.
  • You’ve recently gone through a merger and acquisition (see the next paragraph for more details)

Performing a self-assessment is the best way to prepare for a software audit if you feel like one is coming. Times being what they are, software audits are expected to only increase as software vendors are desperate to make up for their lost revenue, so if you aren’t in a software audit, you have a good chance of being in one soon.

  • Going Through a Merger and Acquistion

The reason why this point gets its own section is because there are many reasons why it is a good idea to perform a self-assessment when your organization is going through a M&A and it’s not just because an M&A is the number one way to incite an audit (which it is!). Examining your own resources and the resources of the other company will give you better insight into what you are signing up for. You want to assume that the other organization is perfectly compliant and has their software licensing environment in order. However, we have often seen many organizations halt their M&A because they realize at the last second that the other organization has massive compliance issues that they will have to bear as well.

Their compliance issues become your compliance issues after the M&A is completed. Performing an internal self-assessment will not only give you the ability to check for compliance issues before the move, but it will also allow you to cross-compare which assets you can keep, which assets you can dispose of, and which assets won’t be able to move. It’s common after an M&A to have multiple pieces of software that serve the same function, and this duplication will only serve as a waste of money in your new software environment. This is the perfect opportunity to do a little spring cleaning and cut back any wastage.

It is also important to note that not every license can be transferred during an M&A, many organizations simply assume this without checking their licenses to determine if it is actually possible and they run the risk of being non-compliant. The last thing you want to do is be caught with compliance issues immediately after your M&A, it’s what the software vendors will be expecting and they will be knocking on your door with a software audit notice within 12 months of your finished M&A. You need to be ready for when that happens.

  • A Contract Renewal or True-Up Is Upon You

Contract renewals or true-ups are your opportunity as a customer to alter your current agreements to better suit your business needs. But you won’t be able to make informed purchasing decisions if you don’t have the data to back it up.

A self-assessment can tell you which licenses you need more of, which you can cut back on and the numbers for each. Simply buying based on what you’ve purchased in the past or making a rough estimation will not allow you to purchase in the most cost-effective manner, and you’re bound to lose money either by purchasing too many licenses or too few, leaving you exposed to compliance issues.

The software vendors and their sales reps do not have your business’s interests in mind when they make recommendations to you. The sales rep’s goal is to increase your spending with them and to get you to buy from them exclusively. Ensuring that you are using what you buy and making sure that you get the most value out of the product is not on their agenda, so you shouldn’t rely on their advice alone.

Having your own data to back up your purchasing decisions will put you back in the driver’s seat during your next software contract negotiation.


Related: Getting Ready for a Contract Renewal or Contract Negotiation? Make sure you are ready by checking out our article: Getting Ready for a Microsoft True-Up
  • Are You Going through a Cloud Migration?

These days, it seems like everyone in the modern business world is either already in the Cloud or heading there. Transitioning to the Cloud can be an expensive endeavor, riddled with hidden fees and unexpected costs related to rampant spending and uncensored processes. When you move to the Cloud, it is important to prioritize and only take what can and should go with you. Unneeded licenses that are just acting as a leech to your budget and untransferable licenses that will only represent a compliance gap later should be left behind.

Related: Cloud Migrations when done improperly can cost your organization a lot of money. Check out the issues you need to be aware of in our article: Moving to the Cloud? 5 Problems You’ll Need to Address

How to Perform a Software Audit Self-Assessment

Knowing that you need a software self-assessment is one thing, but knowing how to do it is quite another. Here are just a few elements that involved in creating a software self-assessment that will give results:

  1. Proactive Approach
  2. Informal Audit Activities
  3. Free-flow of Information
  4. Have the Right Team

 

  • Proactive Approach

It is easier to build something that is strong and stable in the first place than to go back later and fix it. Going back and reworking faulty systems is more likely to be met with resistance on the part of the IT team, who will have more work for them. Building controls upfront will help you to keep your software assets under control before they even grow into issues.

If you’d like to learn how you can create a proactive SAM approach, you can check out our article about growing in SAM Maturity.

  • Informal Audit Activities

Internal audits can involve an extensive process of granular research that may be difficult to conduct on a regular basis. Allowing your team to perform informal, less rigorous research to simply scan an environment for red flags will greatly reduce the data you will have to sift through and will allow you to cover a lot more ground on a regular basis without losing steam.

Since you are not in an actual audit at the moment, there is only the need to keep a pulse on the health of your software environment, there’s no need to dig deep and cut into it just yet.

  • Free-Flow of Information

In many organizations, there is a disconnect between the IT department and the procurement department; a communication breakdown between those who buy the software and those who use it. This is an inherent deterrent towards the goals of achieving a realized software asset management solution. Breaking down these walls by encouraging the free flow of information between departments is essential to ensuring a healthy software environment.

  • Have the Right Team

Having a messy, unorganized and unmonitored software environment is a costly luxury and an unnecessary expense when compared to the savings that could be realized with a properly implemented software asset management solution. This is why performing internalized audits and self-assessments is a great way of realizing those risks before they grow into greater issues.

Who Should Act as Your Internal Software Audit Team?

When it comes to hiring a team, you can either create an internal SAM team or hire an external source.

At Metrixdata 360, we have helped many of our customers get their software licensing environment under control, cutting down your expenses to their smallest digit.
Our goal is to save you money and if you would like to learn more about the kind of services we offer, you can check out our self-assessment page.

Buying a SAM Tool

Software Asset Management (SAM) is a set of business processes that are designed to maintain license compliance and spending efficiency regarding an organization’s software licenses. Buying a SAM tool to help gain visibility into your software licensing seems like a no-brainer, but not all SAM tools are created equally.

SAM done right can provide significant benefits to an organization, including:

  • Cost Reduction or Expense Elimination: a potential 30% savings could be found in any software environment that hasn’t implemented SAM in the past.
  • Reduced Risk: Software vendors use software audits as a source of revenue due to the fact that often in the event of an audit, companies have no way to defend themselves against the (inaccurately high) claims of the auditors.
  • Cost Optimization: SAM empowers your company to only purchase what you need and allows you to get the most out of what you purchase.

If you have decided that your company would like to implement SAM, then your next logical step would be purchasing a SAM tool. The reasoning behind this is simple: modern software architecture is quite complicated. For mid-sized to large businesses, counting your licenses manually using nothing but a spreadsheet would produce enough data to drive anyone mad. To implement true software asset management, you need to purchase a SAM tool. At MetrixData 360, we have been working in the SAM tool industry for many years now and we pride ourselves in our high customer satisfaction rate.

To ensure you have a good experience, it’s important you don’t rush into this purchasing decision. In this buyer’s guide, we’ll cover everything you need to know about SAM tools: what they are, where they often fall short, and how they fit into your greater plan with SAM.

What Are SAM Tools?

SAM tools are applications that are meant to aid and assist the management and organization of your software assets. SAM tools are divided into two categories: agent and agentless, both of which come with their own advantages and disadvantages.

Agentless SAM Tools

By far the more popular option of the two, agentless monitoring relies on protocols to relay information back to a central monitoring software. Software and hardware manufacturers have built features into their products which will allow the software or hardware to relay information about itself if prompted.

Agentless monitoring simply embeds itself within the software or hardware to tap into this relay of information in order to read their operational parameters before sending it back to the central monitoring software. So, it’s technically not agentless but simply tapping into a communication network that was already there within the product.

Pros of Agentless SAM Tools

  • Deployment and installation are easier and faster, since there is less software to install compared to agent-based monitoring. With agentless tools you only need to install the central system.
  • Monitoring is always done the same regardless of the system it is monitoring.
  • Licensing and hardware expenses are low compared to agent-based tools.
  • Maintenance and updates are often easier and cheaper.
  • Only requires basic knowledge of graphs, monitoring, and analysis to use.

Cons of Agentless SAM Tools

  • Limitations in what can be monitored, some elements of your environment simply can’t be remotely monitored. Due to this limitation, monitoring is less expansive, and the analysis is restricted.
  • Monitoring protocols sometimes are lacking in security measures.
  • Requires additional network traffic for when the raw performance data is sent to the remote data collector.

Agent-Based SAM Tools

Comparatively, agent-based monitoring gives you the opportunity to collect and analyze more data from your infrastructure using agents that run on the monitored system. The agents are pieces of software that are installed to collect operational data and they will send it back to one central system. Since vendors of agent-based tools often provide their tool when you host on their platform, the increased breadth of data is expected.

Pros of Agent-Based SAM Tools

  • Flexibility for developers to define the information that is passed between the monitoring tool and the system it is monitoring.
  • Adding new devices onto the tool is very easy and doesn’t require updating the tool. You simply need to install the agent onto the new device.
  • Often provide much more detailed information compared to the agentless tool.
  • Collection of parameters are done by the agent, making it easier and simpler to use.
  • Often comes with profiling features and in-depth analysis.

Cons of Agent-Based SAM Tools

  • Monitoring limitations.
  • If your SAM tool vendor also provides you a Cloud platform, it will be difficult to ever switch platforms since it will mean losing your SAM tool.
  • Often hardware expenses and licensing expenses are higher compared to its agentless counterpart.
  • The agents that are running are added to your CPU, memory and disk space on the monitored systems, which could then in-turn affect performance.
  • You will need to install both the central system in addition to the installation of all the agents on each server.
  • Maintenance will often prove to be labor intensive, especially if the deployment process is not automated.
  • Not every system will allow the installation of the agents.
  • Often requires a level of skill to harness the full potential of all the features.

How SAM Tools Fit in with a Good SAM Maturity Strategy

Every SAM strategy needs a good SAM tool to back it up. However, reaching that peak performance of software asset management — where you are completely compliant, cutting costs and gaining complete visibility into your software licensing environment — isn’t something that you gain as soon as your SAM tool is up and running.

The 5 Stages of SAM Maturity

There are actually five stages of SAM Maturity:

  • Chaos:
Symptoms:
    1. Your software environment is a mess, you have no visibility, no SAM tool installed, and every software audit is simply a matter of putting out fires.
Goals:
    1. Simply gain visibility and get a picture of what you have.
  • Reactive:
Symptoms:
    1. You have one or multiple SAM tools, and you are starting to gain visibility into what you have. Audits are still a matter of damage control as your company is only reacting to findings.
Goals:
    1. Use the data the SAM tool has provided you to hunt down licensing issues and gain compliance.
  • Compliance Plus:
Symptoms:
    1. You’ve reached compliance; your software environment is neat and tidy, and you have full visibility and the ability to effectively defend yourself in an audit.
Goals:
    1. You can now start actively looking for savings opportunities in your software environment. * *You need to ensure compliance before you start hunting for savings since attempting to reduce your licenses and cut costs can often incite an audit from software vendors.
  • Optimize:
Symptoms:
    1. All your licenses are in order and are cost-effective without reducing value. Software audits are no big deal because you have full visibility into your licensing environment and any compliance issues are dealt with as they arise.
Goals:
    1. Solidify your hard work to make sure this SAM strategy outlasts you.
  • Amplify Value:
Symptoms:
    1. Not only is your SAM strategy proving effective and useful to your company but now this strategy will continue in the company’s best practices. Savings should begin to accumulate at this stage.
Goals:
    Pick where you want your software environments to grow based on your company’s unique business needs.

As you can see, purchasing your SAM tool is only a single step in your journey to SAM maturity, and it won’t take you straight to the later stages immediately. Now, your company doesn’t have to reach all of these stages, it may only be in your interests to reach the mid-level stages and that’s completely fine. This whole process from beginning to end represents roughly a year of effort from your SAM team.

How Do SAM Tools Work in the Cloud?

Everyone is heading into the Cloud, and for good reason, as it provides its users with flexibility and a pricing metric that is often comparatively cheaper than their on-prem counterparts.

One of the main appeals the cloud offers is the ability to use a pay-as-you-go model of payment, where you only pay month-to-month and only for what you need.

Surely this means that software asset management is no longer needed, since the confusing licensing part of it is handled by your provider and you can sleep easy at night, right? What companies often don’t realize is that SAM is now more important than ever, especially when it comes to the Cloud.

What Makes SAM so Essential?

  • Migrating to the cloud is often an expensive process as licenses are transferred, replaced with their Cloud equivalent, or purchased for the first time. We have seen many companies halt their Cloud migration or replace their original full migration with a hybrid solution simply because of unforeseen expenses.
  • Shadow IT becomes a huge risk in a Cloud environment. In the old, on-prem days, purchasing licenses often required negotiating contracts, an activity which would require weeks. Now, it’s easier than ever for a customer to purchase licenses, all they need is a credit card, an account, and an afternoon. The pay-as-you-go pricing models also makes it difficult to anticipate what the year-end cost will be.

Related: Get a comparison of the three major Cloud Platforms: AWS vs. Azure vs. Google Cloud

Why Do SAM Tools Often Fail?

Software Asset Management has taken on a slow adoption in the business world at large, with under 20% of companies worldwide having some sort of SAM practice in place, with the vast majority of them taking on SAM during some kind of event: either a software audit or when the Cloud migration expenses hit the CFO as gently as speeding freight train.

However, even looking at the percentage of companies that have SAM and don’t just take it out for special occasions, there is a vicious cycle that has become apparent.

The “Trough of Disillusionment” is what Gartner calls the realization companies experience over either 6, 12, or 24 months that their SAM tool can’t deliver, with only 25% of enterprises expressing satisfaction with their SAM tool in 2020. So, what are the causes of this dissatisfaction? There are a few things that contribute:

The Silver Bullet Solution

Companies assume that their SAM tool is the silver bullet which will save them from all their compliance issues. They are often disappointed when SAM tools fail to live up to the expectations put on them. That is because the tool is just that – a tool.

Tools need to be in the hands of the right people to get the results you want. It’s the people who drive the success, and a strong SAM strategy often requires a team of full-time professionals to get the job done.

We have seen companies who have thrown the task of the entire SAM process into the lap of some unlucky member of IT or Procurement; someone who already has a full-time position and who can’t possibly deliver the results you need using only their spare time.

When building a proper SAM team, you’ll need to consider the following skills:

  • Legal Expertise with a specialization in contracts and/or software contracts in particular.
  • Negotiation Expertise — you’ll need someone who knows how to make deals with the software vendors.
  • Software vendor specialization, software vendors are inclined to modify and update their software products and their licenses frequently (up to hundreds of times a year).
  • Experience dealing with tech would also be considered an asset.

Finding any one person who encapsulates all these skills will be difficult if not impossible.

Implementation Failures

The way that SAM tools are implemented and used can also have an impact on your overall success rate. There are a few common scenarios that are seen when companies first begin to implement SAM:

  • They don’t know what success looks like, they enter into the project without thinking of their end goal. Working backwards from a goal will help you build an implementation plan while also ensuring that you know what ‘done’ looks like.
  • They try to do everything at once, organizing your entire infrastructure will not happen immediately. You will need to set up a tight scope: start with a few of your vendors at first and eventually branch out.
  • They see SAM as a single event; however, SAM is really something that should be considered as a continued service – something that you are slowly but surely moving towards improvement.

The Shortcomings of SAM Tools

There is a reason why SAM customers often purchase their tool with high expectations and that comes from the fact that many SAM tool vendors often promise things that their tool simply can’t deliver on, giving their customers a false sense of security. SAM tools come with many potential shortfalls that you must be aware of when purchasing your SAM tool, such as:

Naming Conventions

SAM tools get confused when confronted with unique naming conventions, test/development environments, and updated licensing rules. This often results in licenses being skipped, mislabeled or counted twice.

Solution: Make sure that your SAM tool can label specific devices correctly, which may require manual intervention that requires a SAM team.

Remote Users

If you use remote server access software like Citrix then your SAM tool may only count one installation, when in fact there may be many.

Solution: You can use manual workarounds to identify remote server access and fix this issue prior to being confronted with it during an audit. You can also pull your remote access users from your Active Directory into a user-based license record within the tool.

Unique Licensing Metrics

Basic SAM tools can count users, devices, processors, or cores. If your software publisher has anything more unique than that as a licensing metric, such as CALs with SQL Servers or Sub-capacity licensing with IBM, then you may run into some issues.

Solution: This is also capable of being overcome with manual intervention, although the challenge is that these licensing metrics are extremely complicated, so you might need a licensing expert available for your particular metric. You can also check out our tools which are specifically designed to handle difficult licensing challenges.

Cloud Struggles

As many businesses are moving to the Cloud, they often find that their SAM tool struggles to accommodate for the transition. In some cases, the SAM tool will use a connector to access the company’s portals for their Cloud solutions and pull data in from there but where this occurs, it is often prone to error.

Solution: To improve your SAM tool’s accuracy you can retrieve the reports manually and upload them into your SAM tool. It’s encouraged that you do this on a monthly basis.

License Keys

SAM tools can find it challenging to detect ‘invalid’ license keys if an employee brings a software license into the company from a personal account. SAM tools may read these keys as valid, but the software vendors certainly will not. Some vendors are particularly sensitive about these ‘invalid’ keys. They will ask to review them for fear that your organization has duplicated licenses or is even pirating their software.

Solution: Suspecting that your software environment contained pirated licensing material will make any audit that much more difficult because you’ll be confronted with battling against legal penalties in addition to the audit findings. You need to create a custom script to identify invalid license keys and tag any potential issues. You can also advise employees to not bring in personal licenses without authorization as well.

Activated Features

While SAM tools are great for counting the number of licenses, they often have trouble detecting activated features of a product. Take Oracle as an example, Oracle licenses their products cheaper if features that are a part of the product are ‘turned-off,’ but Oracle has very few restrictions in place to prevent customers from using or activating these features. This can then result in heavy auditing fines if these activated features are discovered in your software environment.

Solution: Keep track of specific license edition types, set user permissions on licenses and tell your users not to activate specific functionalities without seeking confirmation from authority.

Want to more details? Check out our webinar hosted by CEO Mike Austin: The Failure of SAM Tools

How to Avoid Getting a Worthless SAM Tool

  • Learn to Verify the Accuracy of the Data
    1. One great way to avoid a worthless SAM tool is verify its accuracy within your software infrastructure. There are three ways to do this:
  • Physical Spot-Check:
    • Test a small sample of assets (e.g., 20 devices) and compare the records your tool collects on them based on manual investigations into each device.
  • Lifecycle Checks:
    • Constantly cleanse your tool’s asset data by asking your IT staff to verify asset data as a part of their ITSM daily duties. They could easily verify things like ownership of assets when a ticket is raised against it, they can also check departments, specifications or configurations.
  • Compare Asset Data with Other Sources:
    Compare your SAM tool against other large data sets that you have in your environment, such as your SCCM data or your Active Directory Accounts, which leads us into the next point.
  • Get More than One
    1. As great as it would be for a single do-it-all SAM tool to exist, we’re still a long way away from that place. We have seen that in general, installing a single SAM tool only increases visibility of the company’s infrastructure by 20%. Typically the use of a second tool is needed to cross reference the quality of data or fill in any missing gaps. This will often increase the company’s visibility to a level where meaningful action can be taken to reduce compliance exposure and licensing issues.
  • Get Someone Who Can Manage It
    1. Lastly, it’s important to have a team of people in charge of managing your SAM strategy. You can either hire someone in house, hire a third-party consultant to handle the task, or you can get a hybrid solution for your SAM needs. There are many pros and cons to each of these solutions, which we discuss in length in our article:
Hire a Software Asset Management Expert or Do it Yourself? The Pros and Cons of Each.

Introducing our SAM Tools

At MetrixData 360, we have state of the art tools of our own that we’d like to offer you, our SAM tools are unique in the fact that they:

  • Are designed with the intention of saving you money
  • Take a holistic approach to the examination of your data
  • Simplify complicated jobs
  • Come with expert assistance
  • Safe to use

The Tools We Offer

Active Directory Reporting Tool

Your Active Directory (AD) is the first and most critical step for determining your user and device counts. Although using AD is not an exact science, it is what Microsoft Auditors use as a guide to determine Qualified Devices/Users. So, you will want your AD as clean as possible, to reflect what you actually have and use.

However, your AD is often the area of your software environment that is cluttered and full of noise. MetrixData 360 has created an amazing tool which can determine qualified devices and qualified users in your Active Directory, which can be set to either standard or specific criteria and used to obtain accurate information.

Office 365 Reporting Tool

Your Office 365 license is critical for ensuring productivity for your business, but how can you be certain that your company is making the most out of the licenses they have when overspending on software is so common? Take control of your Office 365 licenses with MetrixData 360’s in-house solution to identify waste and overspend in your Office 365 Subscriptions with our Office 365 Reporting Tool.

Azure Usage Tool

Azure is an amazing platform that can offer your company streamlined productivity and versatility. However, it can also be extremely complicated. With organizations easily owning hundreds of Azure related products that they need to pay for every month, it can be a challenge to understand where all your organization’s Azure spend is coming from.

If you try to break down your cost using the invoices found in your Azure portal, you will find a nightmare of complicated data spreadsheets waiting for you – which is where MetrixData 360’s Azure Usage Tool comes in. Our Azure Reporting tool is custom-tailored to decipher Azure’s complex pricing and break it down into easy to understand and utilize information.

SQL Licensing Optimization Tool

SQL Server Licensing may be one of the most confusing license models that Microsoft has today. Even the biggest SAM tools on the market have a hard time truly optimizing SQL Server licensing. Usually, other tools will produce a simplified version of the data that doesn’t provide the in-depth analysis customers need to take meaningful action to organize their SQL Servers.

Our algorithm will provide a comprehensive view of your SQL Server Licenses, taking months of work and cutting it down to a few minutes. This is done to ensure your SQL Licensing is completed in the most cost-effective way possible, regardless of if you are on-premise, in the cloud, have Software Assurance, purchasing through an EA or a Server and Cloud Enrolment (SCE).

Windows Server Licensing Optimization Tool

Your environment is likely very dynamic and not static. You will have Virtual Windows (VMs) servers moving across VMWare hosts or VMs that are moving from on-premise to a public cloud. How do you manage these licenses?

Many organizations simply purchase licenses as they need them and never look to reset and re-optimize those licenses. Truth be told, it’s likely because it’s a very difficult thing to do. Our Windows Server License Optimization Tool has been developed to help clients quickly figure out the best use of their Windows (and System Center) licenses.

Learn More About SAM Tools

Buying a SAM Tool can prove a difficult experience because the market is saturated with tools that are only designed to sell you more tools.

It is important that you purchase SAM tools of quality. These products are the things that will keep you compliant. They will be the backbone of your defense in a software audit. They can ensure your transition to the Cloud is smooth and cost-effective. And they can give you back control over your software licensing environment.

At MetrixData 360, our goal is to save you money and get the most out of your software purchase, which is why we offer tools that are designed to save you money, time, and frustration. If you’d like to learn more about the tools we offer, you can check out our Tool Catalogue.