Software constitutes as much as 20% of a typical IT budget. Not only does that constitute a large amount of money, software license compliance also represents a huge risk to companies. The Business Software Alliance (BSA) tracks the rate of piracy world-wide. The following quote demonstrates the extent of the problem (http://www.bsa.org).
The retail value of unlicensed software - representing revenue "losses" to software companies - broke the $50 billion level for the first time in 2008. Worldwide losses grew by 11 percent to $53 billion. Excluding the effect of exchange rates, losses grew by 5 percent to $50.2 billion.
To the average business, that is not in software development, this at first may seem just like an interesting set of statistics. It is important however to realize that the piracy that is being reported is most certainly occurring in each and every one of your organizations; intentionally or not.
Once again from the BSA, here is a definition of piracy (or in other words being out of compliance):
Software piracy is the unauthorized copying or distribution of copyrighted software. This can be done by copying, downloading, sharing, selling, or installing multiple copies onto personal or work computers. What a lot of people don't realize or don't think about is that when you purchase software, you are actually purchasing a license to use it, not the actual software. That license is what tells you how many times you can install the software, so it's important to read it. If you make more copies of the software than the license permits, you are pirating.
Fines and penalties for being out of compliance, meaning having more licenses installed than you have entitlements for, has severe ramifications.
- There is the unexpected financial burden for purchasing the license that were not budgeted for
- Potential for an additional US$1,500 fine for each and every license that was not properly licensed
- The loss of business during the auditing process (assets can be seized)
- The lost of goodwill when the offense becomes public
And audits are becoming more and more common. At the Gartner IT Financial, Procurement & Asset Management Summit last October 2008, a room of approximately 150 attendees were asked to show by a raise of hand how many had had a software audit in the last 12 months. The majority of the room raised their hands. Articles on gigantic settlements are easy to find in the media. So there is no doubt that getting a handle on software license compliance is critical and needs to be timely.
All of the above is probably not new to you but few companies have actually gotten a good grip on the challenge. We know we should do it but it is such a daunting task. Many companies that have been successful started with the software from companies that historically have raised the most notice.
The first is Microsoft; more often not so much as an audit to come after piracy but as their normal means of doing true-ups on Enterprise Agreements (EA). Many employees of companies with EA's mistakenly believe that when their company has an Enterprise Agreement it means that the employees of the company can install as many copies of the software without having to keep track or paying for each individual copy. That is not the case. EA's are typically for a three year period. On the first and second anniversaries of the EA, the total number of licenses that are installed need to balanced against the original agreement and the incremental increase of the number of licenses that are installed must be paid for. On the third anniversary, again there is a true-up but it is generally done along with the renegotiation of the EA.
The other software companies that have gotten publicity for performing audits of their customers are Adobe, Symantec and Oracle. In each of these cases, it is generally limited to collect for licenses in use for which the license has not been paid for. The majority of the audits to date have not involve huge fines or any civil action.
Lastly, there are the headline type of audits for which there have been extremely large fines. These have seemed to center around pirated media and include criminal penalties for reproduction and distribution. It may be safe to say that those instances are rare and not usually found in the normal day to day operations of an organization; Or at least you certainly hope so.
Tracking Software License Compliance
As with the example of the Enterprise Agreement, there are a lot of different license types out there and they have various details that need to be tracked. Here is a list of various types along with some considerations that go with various types:
- Per Node
a. Single User
b. Named User - need ability to document user name(s)
c. Per Seat Client Access Licensing (CAL); available for the following Microsoft products:
- Processor based licensing - Unix calls them Threads
- Per Processor Licensing - Server products where it acquires a Processor License for each processor in the server on which the software is running. A Processor License includes access for an unlimited number of users to connect from either inside the local area network (LAN) or wide area network (WAN) or outside the firewall.
- Site License
a. Definition of what is a site
- IP address, department, building, company intranet, city, time zone, …
- Site limitation (i.e. distance restrictions)
- Can the site change?
- Limit to the number of license (also referred to as Multi-User License)? For example: The license permits you to install the program on the specific numbers of computers entirely within your family, organizations and corporation within one particular specified location (e.g. office). (http://www.sameshow.com/buy/license.html#2)
b. May need to document covered site - Single customer site or location; Provide place to store ranges of network addresses
c. Academic - document limitations; for example: A Site License grants an educational institution license to use a large collection of ESRI software products on an unlimited number of the institution's computers on one campus. The software may be used for teaching, research, and administrative purposes. Any form of commercial use is explicitly prohibited. Distribution of the software to licensed end users on campus and other administrative maintenance of the Site License are handled by a Site License Administrator or Coordinator designated by the educational institution. (http://www.esri.com/industries/university/education/faqs.html#define)
- Enterprise Agreement; sometimes referred to as Volume Pricing - there is often an overlap of the definition of Site License and Enterprise License. Sometimes have anniversaries where you have to true-up on the number of licenses being used.
- Concurrent Licensing
a. May use CALs (flag); license keys may or may not be required
b. May be tied to a specific server; allow server name to be recorded
c. Most are self-metering; won't permit users if no licenses are available
d. Could be passive
e. Are surges/overages permitted? By what number or percent?
- Usage or capacity metrics - for example the number of tickets/assets/mgs/accounts
- Competitive Upgrades - document that the competitive product was purchased
- Virtual SW - terms may allow multiple copies; one on the host and another on VMware
- Streamed SW such as AppStream
- Other (non-licensed), including open source
a. Freeware/Unlimited
- Need to be noted as such, not just a bogus high number in single-user type
- Need copy of T & C's
b. Careware - document what organization is getting the donation and whether or not it is a tax credit
c. Shareware
There are two parts of standard software compliance. Knowing what your entitlements, as defined by the type of software license, are and knowing what is installed. Figuring out what is installed is for the most part straight forward (for now we are going to side-step a discussion of suites such as Microsoft Office, or Adobe Professional Suite). Inventory Solution, through the Symantec Agent, can be configured to do a regular scan of the software on end-point computers as well as gathering the information from the Add/Remove registry on Windows machines. There is also a way to get software audit information on computers that are not running the Symantec Agent through a variety of methods (http://www.altiris.com/Support/Documentation.aspx).
The tracking the entitlements takes more work. There is a lot that is common across the types of software licenses and there are specific details that need to be documented. First and foremost you need to identify what type of software licensing is being used for a piece of software being used in your environment.
Asset Management Suite
The Asset Management Solution comes, out of the box, with two common software license types. The first is Per Installed Node. This is where the license is per device or computer. No matter who logs onto the computer, they have the right to use the particular software on that machine that is Per Installed Node licensed.
The other type is called Concurrent . This is generally monitored by the software itself. For example Asset Management Solution is Concurrent licensed. These are frequently referred to as seats, as in individuals in a seat using the software. You may have purchased 5 seats of Asset Management Solution. When a sixth person attempt to do functions in the Notification Server console which consumes an Asset Management Solution license, they will receive a message that there is not a license available and that they should try back later; kind of like a telephone busy signal.
As we saw earlier in this article, there are many other types of licenses that you might want to track. It is easy to add additional type for selection when defining a software license. The tricky part comes in the reporting.
The rest of this article is going to show you how to expand the 6.5 version of Asset Management Solution to track additional types of software licenses. I will also give you a couple of examples of reports to help you monitor your software licenses.
The steps we are going to go through are:
- Expand the License Type field to have additional choices on the drop-down list.
- How to assign the new License Type to a software license
- How to report all of you software licenses
- How handle compliance on newly added software license types.
I. Add selections to the License Types field value selector in the Software_License_Details data class.
A. Go to Configuration > Resource Settings > Data Classes >Contract Data Classes > Software License Data Classes.
B. Edit the License Type attribute by clicking the pencil icon to the left of the Name License Type.
C. Edit the list of values for Type by clicking the Edit button on the right side of the screen.
D. Add new value by typing them in and clicking the Add. Consider your list before you enter them since you will not be able to reorder them. If you want them to display in alphabetic order, you must enter them in that order. The first entry will be the first one in the list and the last will be the last one.
II. Now, to enter a software license, you can select the type of license from the pull-down list.
III. To report all of your software licenses, we are going to take a report that comes with the Asset Management Solution and add a column to it that shows the type of license. We will also add a run-time parameter so you can filter out one or some of the software license types. You can also take the filter logic and turn it around to only include a specified software license type.
A. Drill-down to Reports > Assets and Inventory > Contract Management > Software Licenses > Software License Compliance and right-click on the name of the report.
B. Select Clone and name your report something like 'Software License Compliance with License Type'.
C. Edit your copy of the report and add the lines that are bolded below (anything following two dashes (-) is considered a comment and you do not have to add to the SQL code). You can simply cut and paste the following code in place of the query that you cloned.
declare @CurrentLicense uniqueidentifier, @LastError int, @CurrentInstalled int
--remove rowcount constraints as this will limit result sets - default for reporting is 50000
SET ROWCOUNT 0
set @CurrentLicense = %_LicenseGuid%
set @LastError = 0
if(object_id('tempdb..#Compliance') is not null)
begin
drop table #Compliance
end
if(object_id('tempdb..#Installed') is not null)
begin
drop table #Installed
end
create table #Compliance
(
_ResourceGuid uniqueidentifier primary key,
[License Name] nvarchar(250),
[License Type] nvarchar(64),
Purchased int,
Upgrades int,
[Borrowed License] int,
Installed int,
[Non-Inventoried Installs] int,
[Donated License] int,
Compliance as (Purchased +[Borrowed License] - Upgrades - Installed - [Non-Inventoried Installs]-[Donated License])
)
if( (@CurrentLicense is null) or (@CurrentLicense = 0x0) )
begin
insert #Compliance (v._ResourceGuid, [License Name], [License Type]) -- don't miss the comma
select v._ResourceGuid, Name, [License Type] from vSoftwareLicense v -- the v is added
join Inv_Software_License_Details d on v._Resourceguid = d._Resourceguid
where lower([Name]) like lower('%'+%Name%+'%')
and d.[License Type] <> '%FilterOut1%' -- these two lines are optional and for filtering out
and d.[License Type] <> '%FilterOut2%' -- license types (run-time parameters)
end
else
begin
insert #Compliance(v._ResourceGuid, [License Name], [License Type]) -- don't miss the comma
select v._ResourceGuid, Name, [License Type] -- don't miss the comma
from vSoftwareLicense v -- the v needs to be added
join Inv_Software_License_Details d on v._Resourceguid = d._Resourceguid
where v._ResourceGuid = @CurrentLicense -- the v. is new on this line
and lower([Name]) like lower('%'+%Name%+'%')
and d.[License Type] <> '%FilterOut1%' -- these two lines are optional and for filtering out
and d.[License Type] <> '%FilterOut2%' -- license types (run-time parameters)
end
if( (select count(*) from #Compliance) > 0 )
begin
--get a cursor of licenses
DECLARE #Licenses CURSOR
FOR select _ResourceGuid from #Compliance
FOR READ ONLY
OPEN #Licenses
FETCH NEXT FROM #Licenses INTO @CurrentLicense
--prepare a temp table for the installed values
create table #Installed
(
Value Int,
EvaluationDate dateTime
)
create table #sharing
(
[IsBorrower] bit,
[SharingNumber] int
)
WHILE( (@@FETCH_STATUS = 0) and (@LastError = 0) )
BEGIN
--installs
if(@LastError = 0)
begin
delete #Installed
delete #sharing
if(@LastError <> 0) set @LastError = @@error
end
-- run operation and installation/Sharing
-- license sharing
if(@LastError = 0)
begin
insert #sharing
exec spCon_SoftwareLicenseRunOperation @CurrentLicense, 480, '%_culture%'
if(@LastError <> 0) set @LastError = @@error
end
if(@LastError = 0)
begin
insert #Installed
exec spCon_SoftwareLicenseRunOperation @CurrentLicense, 300 , '%_culture%'
if(@LastError <> 0) set @LastError = @@error
end
if(@LastError = 0)
begin
set @CurrentInstalled =0
select @CurrentInstalled = Value from #Installed
update #Compliance
set Installed = isnull(@CurrentInstalled, 0)
where _ResourceGuid = @CurrentLicense
if(@LastError <> 0) set @LastError = @@error
end
if(@LastError = 0)
begin
declare @borrowed int, @donated int
set @borrowed=0
set @donated =0
select @borrowed = SharingNumber from #sharing where IsBorrower =1
select @donated = SharingNumber from #sharing where IsBorrower =0
update #Compliance
set [Borrowed License] = isnull(@borrowed, 0), [Donated License] = isnull(@donated, 0)
where _ResourceGuid = @CurrentLicense
if(@LastError <> 0) set @LastError = @@error
end
if(@LastError = 0)
begin
FETCH NEXT FROM #Licenses
INTO @CurrentLicense
if(@LastError <> 0) set @LastError = @@error
end
end
if(@LastError = 0)
begin
--upgrades
update #Compliance
set Upgrades = isnull(u.Upgrades, 0)
from #Compliance
left join
(
select _LicenseGuid, sum(Quantity) as Upgrades
from vCon_SoftwareLicenseUpgrades
group by _LicenseGuid
)u
on u._LicenseGuid = #Compliance._ResourceGuid
if(@LastError <> 0) set @LastError = @@error
end
if(@LastError = 0)
begin
--purchases
update #Compliance
set Purchased = isnull(p.Purchased, 0)
from #Compliance
left join
(
select _LicenseGuid, sum(Quantity) as 'Purchased'
from vCon_SoftwareLicensePurchases
group by _LicenseGuid
)p
on p._LicenseGuid = #Compliance._ResourceGuid
if(@LastError <> 0) set @LastError = @@error
end
--non-inventoried installs
if(@LastError = 0)
begin
update #Compliance
set [Non-Inventoried Installs] = isnull(nii.niiInstalled, 0)
from #Compliance
left join
(
select _ResourceGuid, sum(Count) as 'niiInstalled'
from vCon_SoftwareLicenseNonInventoriedInstalls
group by _ResourceGuid
)nii
on nii._ResourceGuid = #Compliance._ResourceGuid
if(@LastError <> 0) set @LastError = @@error
end
--calculate compliance
CLOSE #Licenses
DEALLOCATE #Licenses
--return results -- remove the following line or add --
-- select * from #Compliance order by [License Name] --at the beginning to comment it out
select _ResourceGuid , --this column won't display but allows the right-click functions
[License Name],
[License Type],
Purchased,
Upgrades,
[Borrowed License],
Installed,
[Non-Inventoried Installs],
[Donated License],
case -- you can add your own logic
when [License Type] = 'Site' then 'Site License' --this is an example
else cast(Compliance as char(15)) -- change 15 to as long as you need
end as 'Compliance'
from #Compliance order by [License Name]
drop table #sharing
end
else
begin
select top 0 null as [No Results]
end
if(object_id('tempdb..#Installed') is not null)
begin
drop table #Installed
end
if(object_id('tempdb..#Compliance') is not null)
begin
drop table #Compliance
end
D. Save your edit and then add two parameters if you choose to include them. They allow you to filter out one or two license types. You can actually use string matches with wildcards to filter out even more types if you want and it works. The parameters are identical except for their names, which are case sensitive.
Note: If you are more gifted with SQL than me, you might want to add a blank line to the results in the Value list so that when you run the report you don't have to always blank out the default value (the first one in the list) if you are not going to do any filtering.
IV. Compliance is going to depend on what type of software license you have. For example, in the report above, I added logic where a software license type of Site will not do the arithmetic of installs against purchased and borrowed licenses. For example on a Microsoft Enterprise Agreement, you may have initially contracted for 500 licenses and have not yet come to your anniversary where you are going to true-up. You may not want a report showing be out of compliance (a negative number) but might want to show the number of additional licenses that would need to be purchased if the true-up happened today. The code in the report would simply take the negative number and turn it into a positive along with a note to the effect that there is an obligation there.
The case statement could look like the following:
case
when [License Type] = 'Enterprise'
then 'True-up obligation: ' + cast(abs(compliance) as char(4))
when [License Type] = 'Site' then 'Site License'
else cast(Compliance as char(25))
end as 'Compliance'
Here is what your report would look like (I rearranged the column order to show the compliance):
Conclusion
There are a number of reasons for keeping a good handle on software licenses. There are real dollars to be saved from not over purchasing license as well as the risk and penalty cost to be avoided by not under purchasing software licenses. The Altiris Service and Asset Management Suite provides all the means for tracking your software license compliance. If you have license types that are not provided out of the box, they can be added with very little time and effort. And with a bit of tweaking of the Software Compliance report, you can know where you stand.