Has inventory data become a commodity? Perhaps it’s time to think again
Over the last few years, there has been a trend within the SAM and ITAM communities to view inventory as a commodity item – the ugly duckling to swan-like process-driven platforms.
Unfortunately, this attitude puts the fundamental aims of SAM at risk for two critical reasons: First, not all inventory is equal and second, there is no such thing as a one-size-fits-all inventory solution.
While it’s true that inventory alone will not deliver cost savings or compliance, trying to perform SAM without the right inventory data is like trying to build a jigsaw with a bunch of pieces missing.
Not all inventory is equal
There are literally hundreds of tools available – some free, some commercial – that claim they will provide you with visibility of the hardware and software assets on your network. That’s great. But are they accurate? Are they easy to deploy? Can they effectively report audit data back across dispersed networks?
Creating an effective inventory solution is harder than you might think. There are a multitude of network vagaries and configuration discrepancies that a tool needs to overcome if it is to successfully collect and return data.
Thinking about the requirements of SAM in particular, it is how this returned audit data is then processed that is of particular importance. Most inventory tools can tell you that they’ve found ‘excel.exe’ installed on a Windows PC (along with another 2,000 or so files!). But how much use is that to a software manager trying to establish if their organisation is compliant with Microsoft licensing?
Far better for the software manager is to be presented with actionable intelligence that tells him what version and edition of Excel is installed on the PC and that it’s part of an Office 2010 Standard installation.
To make the leap from ‘bits and bytes’ audit data to actionable SAM intelligence, the inventory solution needs a software recognition engine, either in-product or as a service. Or perhaps ideally, both.
For those solutions that rely on a static software recognition ‘dictionary’ (sometimes called a ‘library’), there is often little that can be done by the customer when (and not if) an audited file cannot be automatically recognized by the engine. Essentially the file ends up in some form of black hole.
A software recognition service that combines both in-product instant recognition plus the automatic submission of unrecognized files to a team of software experts offers perhaps the best way of truly understanding what commercial software is installed on the network. This is hardly a commodity item.
Another often overlooked data set is software usage – sometimes referred to as metering. Having the ability to track whether installed software is actually used regularly can be extremely beneficial to making informed decisions about re-harvesting software, arguing the case in compliance situations and tracking user behaviour. But sometimes it’s not simply enough to know if a program is executed – you need to know by whom and for how long, or how regularly.
One size does not fit all
As much as we like to talk about simplification, the fact is that corporate networks have never been more complex, and the chances are they will only get worse in the coming years. Whether the organization is running multiple platforms (how many Windows-only networks are there in organizations with more than 1,000 employees today?), hosting applications in the Cloud or employing multiple hypervisor technologies, it has never been more difficult to track the assets deployed across the network (and beyond).
From a SAM and ITAM perspective, the real problem is that many inventory tools simply aren’t designed for today’s networks. Sure, they can audit a Windows PC (accepting the caveats above regarding software recognition and usage tracking) but what about Mac or Linux machines? What about tracking the use of Cloud-based applications? What about the ability to determine guest/host relationships on multiple hypervisors such as VMware, Hyper-V and Citrix XenServer?
This unfortunately leaves ITAM and SAM managers with an uncomfortable choice. Do they use a single inventory tool and accept that there will be parts of the network missing from the data set (as in the jigsaw analogy I used to open this blog)? Or do they invest in multiple solutions and try to piece together the different data feeds into a coherent picture (perhaps like trying to build the jigsaw in the dark)?
Piecing together the jigsaw
So perhaps there is more to inventory than meets the eye, after all? Selecting the right inventory solution(s) to meet the organization’s SAM and ITAM goals is a critical decision to get right. Here are five questions to help assess if you’ve made the right choice:
- Do I have full visibility of all the platforms I care about?
- Do I understand the commercially-licensable software installed?
- Do I know / care about whether these licenses are being actively used?
- Do I have enough information to calculate complex licensing obligations (think Oracle or using host configuration to determine virtual licensing)?
- Can I make sense of the data reported?
With regard to the last question, this is where an effective SAM platform can make all the difference. In fact, a good SAM tool can often make sense of the data collected by an inventory tool, even when the source data seems incomprehensible.
Many organizations – especially those with legacy inventory investments that are not easily replaced – will have little choice but to use multiple inventory solutions to track different parts of the network. In this scenario, having the ability to consolidate the data from these different tools into a single ‘source of truth’ view on the corporate network is invaluable. Better still, if that SAM platform can apply the same consistent data cleansing and software recognition methodologies to the disparate data sets, then the SAM manager is hopefully left with real actionable intelligence rather than just a lot of raw data.
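The consolidation and recognition steps described above, as an added sketch that is not Snow Software's code or any vendor's product: two constructed feeds with different schemas are normalized the same way, matched against one recognition dictionary, and unmatched evidence is queued rather than dropped. The feed layouts, host names, `acmecad.exe` and the dictionary entries are all assumptions made for illustration.

```python
import re

# Constructed recognition dictionary: (file name, major version) -> product.
# Illustrative entries only; suite and edition need further evidence.
RECOGNITION = {
    ("excel.exe", "14"): "Microsoft Excel 2010",
    ("winword.exe", "14"): "Microsoft Word 2010",
}

# Constructed sample feeds from two hypothetical tools with different schemas.
FEED_AGENT = [
    {"Host": "PC-0042.corp.example", "File": "EXCEL.EXE", "FileVersion": "14.0.7015.1000"},
    {"Host": "PC-0042.corp.example", "File": "acmecad.exe", "FileVersion": "3.2.0"},
]
FEED_SCAN = [
    ("pc-0042", r"C:\Program Files\Microsoft Office\Office14\excel.exe", "14.0.7015.1000"),
    ("PC-0099", r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE", "14.0.7015.1000"),
]


def normalize(host, path, version):
    """Same cleansing for every feed: short lowercase host, bare file name, major version."""
    short_host = host.lower().split(".")[0]
    file_name = re.split(r"[\\/]", path)[-1].lower()
    return short_host, file_name, version.split(".")[0]


def consolidate(feeds):
    """Merge normalized feeds into (installed, unrecognized, seen_by)."""
    installed = {}        # host -> set of recognized products
    unrecognized = set()  # (file, major) evidence to submit for expert review
    seen_by = {}          # host -> feeds that reported it (shows coverage gaps)
    for feed_name, records in feeds.items():
        for host, file_name, major in records:
            seen_by.setdefault(host, set()).add(feed_name)
            product = RECOGNITION.get((file_name, major))
            if product:
                installed.setdefault(host, set()).add(product)
            else:
                unrecognized.add((file_name, major))
    return installed, unrecognized, seen_by


def build_view():
    agent = [normalize(r["Host"], r["File"], r["FileVersion"]) for r in FEED_AGENT]
    scan = [normalize(*r) for r in FEED_SCAN]
    return consolidate({"agent": agent, "scan": scan})


if __name__ == "__main__":
    print(build_view())
```

The `seen_by` map is the part worth reviewing first: a host reported by only one feed is where the consolidated view depends on a single tool's coverage.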
Is inventory data sexy or exciting? No, even I would struggle to argue the case for that one! But by the same token, I hope I have shown that it is far from a commodity item. Downplaying the importance of the inventory data potentially puts your entire SAM or ITAM program at risk.
Provide your program with the best quality data – or preferably actionable intelligence – and you will be in a better position to drive the desired cost reductions, asset optimization and compliance.
About Peter Bjorkman
Peter is a software and Web entrepreneur with 20 years in the business and more than 15 years of experience in designing and developing software products. As the CTO at Snow Software, he is responsible for the overall roadmap, architecture and design of the Snow Software product line.
Admittedly new to SAM but . . .
Over the last 6 months I’ve been trying to quickly climb the ITAM/SAM learning curve having come from a more general ITSM background and specifically direct IT management.
What I have heard a lot of in the last half year though is a lot of people discussing how this tool or that tool is the “silver bullet” SAM has been looking for. How this or that tool will solve your licensing or compliance issues. What I haven’t yet heard is anyone talking sensibly about exactly how these tools will, in reality and practice actually do this.
Absolutely, inventory data is a cornerstone on which SAM must be built. However it is just one corner. The others need to be built up by Accurate & Current License Data, Compliance Expertise (either automated or manually skilled) and solidly embedded & understood processes.
An inventory tool is no use unless it either has an agent on, knows the address of, or is allowed to go find equipment on the network. In order to ensure that this can happen you need to have a process which relevant people both know about and will follow to ensure that said equipment is in one way or another discoverable, deployment teams, packaging teams, network managers, security, developers and so on.
As far back as I can remember we have talked of heterogeneous networks and systems. I haven’t seen this change any. We have a lot more standards and in a lovely splash of irony a lot more “standard things”. However they are all standard more by their own definition than each other’s or anyone else’s. Finding a tool to go get relevant data back from a Windows, Linux (so many variants), Unix (just as many variants), Z Series, Websphere, DB2, Oracle Tech/Apps/Middleware, SAP all under one hood is the equivalent to finding the black unicorn.
The same can be said for finding an engine capable of providing solid compliance information on the above spread of products and technology that doesn’t rely heavily on the driver being fairly cognizant of the various vendors and their specific requirements and contract forms. And of course the engine will only run on information it has been given, so if you have been out and bought a thousand licenses in x but you haven’t uploaded this entitlement into your tool because your process failed or in fact you have no process and check in place then you are none the wiser. Worse still, you have bought these licenses, but it may be that unless you can provide full proof of license ownership then an audit may still consider you non-compliant.
Let’s say for instance that your data inventory is okay and you have managed to get all of your licenses correctly into your tool and you start the engine. It tells you that in fact you have 500 copies of y product that are largely unused. These are up for renewal in 3 months as well. It suggests you might want to consider harvesting these to free up current entitlement and then possibly save having to renew those 500 instances in 3 months’ time. Even with this undeniably useful and Board-friendly information, it is like tormenting a hungry dog with a bone suspended just out of reach unless you have a known and easily repeatable way of removing these installed instances from 500 machines in a way that costs less in effort than it would cost in licenses. Now before last year I would have laughed at this, until I saw this scenario with my own eyes. An organisation that could not cost effectively remove any software whose license cost less than £250 because the cost per MACD with their outsource partner plus internal resource costs were prohibitive. The process was convoluted, incomplete, very manual, required change authorisation where none was practically warranted, in fact it was flawed in every way. And that was in an environment that had a decent config. management system in place.
Let’s not even get started on the number of packages, duplications, titles and versions they had on the go all at one time. Again, lots of great tooling but not enough defined or understood process to bother mentioning.
Anyway, to bring us back to my original destination, it is pointless to discuss SAM or ITAM within the context of a single element that makes up the whole. Having a great tool set and nothing else is like having an engine without the rest of the car, or a house with only one wall.
Unless you are looking at the big picture and considering: tools, knowledge, process and adoption then you might as well not bother implementing SAM and save the money to pay for extra licenses. From a practical standpoint you can and will achieve far more by applying a little of each than you will by spending a lot on one.
Despite having been a focus for many years the SAM function in general is still not all that mature. At a point when it becomes easy to run multiple inventory and discovery tools that can provide a single combined set of commonly structured data that can then be interrogated by tools from other vendors sort, combine and categorise ready for tools from other vendors to determine your compliance positions based on best in breed for each vendor or product type either on site or via a cloud service then I think that SAM will continue to fight similar battles in slightly different ways based on what I have seen so far.
I have one final comment on closing. To all those people out there that I have heard talking about a “Silver Bullet” I say this, “You are trying to improve your governance, control and risk position not shoot a werewolf. A silver bullet doesn’t exist so roll your sleeves up and get to it”.
SAM even more so than the more encompassing ITAM isn’t easy and requires a lot of effort to make it happen. This is the fundamental issue that most organisations seem to be failing to either realise or address.
Meis duos denarios
Jim