SAM Minds Your IT Assets

Many IT managers would fail tests on knowing what software assets are on their systems, how many copies are installed, and what their license requirements are. Often, internal audits or receipt of a dreaded Business Software Alliance (BSA) or Microsoft auditing letter will reveal many more unlicensed programs on the organization’s PCs, servers, mobile assets, or other devices than the IT department was aware of. Proactive software asset management (SAM)—an organized process for tracking and managing licenses and software usage in an organization— offers a way to avoid unpleasant auditing surprises. To better understand how a SAM strategy might benefit your organization, it’s helpful to know the components of SAM—particularly its usefulness in license management, get acquainted with SAM products that can help you manage software and other IT assets, and become familiar with SAM trends, such as the use of configuration management databases (CMDBs) in SAM implementations.

SAM and Licensing Compliance
SAM encompasses a number of components, technologies, departments, and processes to manage an organization’s software assets, including

• procurement and licensing
• deployment and patching
• discovery, metering, and license management

A SAM strategy could include the use of asset-discovery tools, application metering, and license repositories, all of which can help you get a grip on what’s in your software library and determine whether you’re in compliance with licensing requirements.

The license-compliance aspect of SAM involves different departments, including purchasing, accounting, and IT. These departments often use dissimilar processes and programs to track assets, contracts, and licenses. Getting all concerned parties to use a consistent set of license management procedures might be the biggest hurdle to an effective SAM plan. Contracts and licenses could still be on paper and not entered in an electronic repository. Accurate procurement records might be stashed in a filing cabinet in the basement in no particular order. Assets may have succumbed to “PC drift” (i.e., the undocumented movement of PCs from one area or user to another) and could be impossible to track down.

The SAM standards issue is garnering so much interest that the ISO and International Electrotechnical Commission (IEC) developed ISO/IEC 19770-1:2006, a standard that organizations can use to plan and implement SAM. (You can download a copy of the standard, for a fee, at www.iso.org/iso/catalogue_detail?csnumber=33908.)

SAM for Audit Preparation
The importance of having a SAM strategy in your organization becomes evident when you face the prospect of an audit. Say you receive a letter from an industry association or software publisher notifying you of a vendor audit, generally within 14 to 60 days of the letter date. The auditor will bring a software asset-discovery tool and search your network devices, PCs, and mobile devices for applications. Then the auditor will ask you to provide proof of licensing compliance for all software assets. Gulp! Time to cram. If you’ve been notified about an audit and are scrambling to prepare for it, here’s what you need to do:

• Use a discovery tool to find all your software assets on PCs, servers, other network devices, and mobile devices.
• Meter usage of the assets to determine how each is used and how often.
• Build your license repository to compare it with your assets for compliance.

The best way to complete all these steps is to get a SAM solution that will automatically plug into your network, find the assets, meter usage, and compare the license repository with the asset information. Alternatively, you could opt for a tool that performs a particular SAM task (e.g., creating an inventory of assets).

SAM Products
Ideally, you’ll be looking for a SAM product well before you receive any type of compliance request. Then you can set up a SAM lifecycle solution that will not only make sure you’re prepared when the auditor walks in the door but also help you get a handle on your software assets for better organization, budgeting, and legal compliance. The following partial list of SAM products can give you an idea of the types of features such solutions provide. (Also see the sidebar “Guidelines for Evaluating SAM Solutions,” page 25, for a list of questions to ask SAM vendors when you’re looking at products, and the Web-exclusive sidebar “SAM Vendors and Resources,” www.windowsitpro.com, InstantDoc ID 98247, for contact information for the SAM resources mentioned in this article.)

CA Unicenter Asset Portfolio Management
This comprehensive asset management solution aims to facilitate the collection and sharing of information among IT, accounting, and purchasing to give you a clear picture of your organization’s software assets, including licensing. IT might have a firm grasp of its network and software assets, but without licensing information, a compliance assessment is worthless. If you add purchasing and deployment to the mix to determine whether too many or too few licenses are procured and how the assets are deployed, gaining a comprehensive understanding of the entire process could be a nightmare. Asset Portfolio Management not only can give IT administrators and business managers the full view of IT assets and license compliance, it might also unearth options for better procurement and deployment efficiencies, cost management, and streamlined processes.

HP OpenView AssetCenter
This solution is designed to manage your IT asset management lifecycle from procurement to management and retirement. AssetCenter lets you compare business goals and the software tools necessary to accomplish those goals with what’s in your software asset library. This comparison capability could save you from having to buy additional products and licenses if you already have the assets on hand. Then you’ll need to monitor changes in the IT infrastructure so that assets aren’t lost when new employees are assigned new assets or existing assets are reassigned. AssetCenter consolidates IT asset information in a CMDB repository, including user information (more about CMDBs a little later). It also includes a license repository for ongoing monitoring of asset procurement and usage.

LANDesk Management Suite
LANDesk’s asset lifecycle solution provides discovery, metering, and license-compliance features. The LANDesk Management Suite also lets administrators set policies to stop use of unauthorized or unlicensed software. An IT admin can set policies for unauthorized programs or types of programs, such as games and audio and video players. AssetCenter’s remote control module lets administrators delete unauthorized programs from users’ computers, even if the users are off the LAN and working remotely.

Absolute Software’s Computrace
Computrace is geared toward organizations whose asset management concerns are mainly about security or PC drift. Since most discovery tools provide only an asset snapshot, assets that move around might easily get lost. Computrace enables asset tracking, policy setting, and remote control, but its differentiator is the client agent. The agent proactively reports to a monitoring center the asset’s MAC address, any configuration changes made to the asset, and policy violations. Computrace also includes a LoJack for Laptops option, a theftprotection service that tracks, locates, and recovers stolen computers. Computrace can be embedded in a computer’s BIOS firmware at the OEM factory or installed on a computer’s hard drive. When embedded in the BIOS, Computrace will survive OS reinstallation, hard-drive reformatting, and even harddrive replacement. Computrace is supported on 32-bit versions of Windows Server 2003, Windows XP, and Windows 2000 and 32-bit and 64-bit versions of Windows Vista as well as on Mac OS X.

Continued on page 2