I originally wrote a ‘New SAM Tool Checklist‘ a couple of years ago. This article is an updated and expanded version.
How Do I Know What to Look For?
There have been a number of discussions on various forums recently regarding SAM tool selection. A common recommendation is to take a look at your requirements and processes before starting to select a tool, thereby leading the selection process – otherwise you might end up being led by the most attentive vendor with the shiniest technology.
So how do you start putting your selection criteria together? Below is a list of things you may wish to think about, not of all of them will be applicable to your project so you can pick and choose to meet your requirements.
Product Terminology
First of all some terminology, make sure you are comparing apples with apples. I’ve spoken to many companies who have shortlisted three tools, one of which is inventory, one of which is SAM and one of which is ITALM. This is the equivalent of preparing for a family holiday and renting a motorbike, jeep or juggernaut! Whether it is a point solution, broad suite of products or mixture of the two – you decide, but make sure you are comparing like with like.
Common Product Categories
Discovery or Auto-Discovery – the ability to find new, moved or changed assets without dependence of an agent
Auditing – Scanning or corresponding with an asset to record its attributes
Inventory – A dynamic database of your assets and their attributes
Software Recognition – The ability to translate technical jargon into product jargon
Software Reconciliation – The ability to match up product jargon to your purchase history
Contracts Management – The ability to manage, prioritize and comply with your contracts and agreements
Reporting – The ability to share, collaborate and act on asset data
Workflow and Automation – The ability to automate SAM processes
Systems Management – To deliver changes, maintenance or new deployments
Some considerations:
The Asset Database
What features does your product include to help clients maintain an accurate and up to date view of their IT assets? Why pay for a product that is no better than Excel? See – Total Number of IT Assets – the most basic of metrics
How can your clients tell if they are getting adequate coverage and regular auditing of their estate? What operating coverage is available?
How do I communicate with assets? With Agents, Agentless? Zero Footprint? See also Agent vs Agentless
How can a client identify duplicates, retired machines or machines that have gone missing? There is nothing worse than a bloated out of date database which nobody trusts
How can clients tell when new machines are added to the network? Your team adds 50 new devices for new starters – how do they appear in terms of SAM, you need an accurate view of current assets in case the new starter business process slips.
What is the process for discovering new machines / platforms on the network? How do I classify and manage them? This might not appear very important when looking at a demo with 50 machines – but how do I manage 5000 dynamic machines in a real environment?
Does your technology track and manage the existence and usage of virtual platforms, virtual operating systems or web based applications? Virtual Operating Systems, Virtual Applications, Cloud based software and services, are they in scope for this SAM project and how will they be handled? Can the tool tell a) Where the VMs are and b) how they relate to users, locations and physical machines. See also Licensing in Virtual Environments – Six Steps to Containing Costs and Managing Virtual License Boundaries.
Software Recognition
Describe how your technology recognizes software (Header Information = Weak, Add / Remove Programs = Weak, Software Recognition Database = Better – but test it’s accuracy) See also – Software Recognition – What’s the big deal? Does your software identify whether an application installed requires a license?
How does your technology allow users to prioritize risk and sort software? In intellectual property terms Winzip is equal to Oracle. When looking how much you spend on each vendor each year you need to be a little bit more pragmatic. How do I filter out the noise? See – What License Managers can Learn from the Railways
How is the usage of applications managed within your technology? Is it actual usage or just open? Key and mouse activity? How are applications linked to devices and/or platforms?
Does your technology supplement software discovered with any additional intelligence? (SKU, Price, Category, Risk etc.)
What features are included to automate the recognition process whilst maintaining accuracy? Does it learn? Does it offer recognition suggestions? Does it offer guidance on what needs recognizing?
Software Reconciliation
How does a client reconcile their entitlements against discovered software?
What features are included to automate the reconciliation process? (if I have 20,000 users do I have to manually link up each license?)
How are different license types usage rights managed within the reconciliation process? Think about your license agreements in place – per user, per processor, per core, per use, per year etc.
Does your technology provide license intelligence based on what is discovered? If I find an application installed does it suggest how that application might be licensed and how I can use it? E.g. I found an application, it is usually licensed per named user, that named user can also use it on a mobile device as well as their main machine.
How and where is documentation and / or meta data associated with licensing stored?
What intelligence is provided to clients to assess their compliance position and negotiate contracts?
How does your technology support ongoing renewals?
How does your technology support the ongoing optimization of software assets?
Reporting
Describe the reporting capabilities of your technology to support SAM processes. Once I’ve collected all this lovely data how can I put it to good use to drive change and support my ongoing SAM practice?
Can the client gain access to raw data to use with other technology? If so how? You might want to integrate or syncronise your SAM database with a CMDB, ServiceDesk System or Systems Management Tool.
Can the client import / syncronise data from other systems? If so how? ERP? HR? Security?
How does your technology harness the clients existing systems or infrastructure? Active Directory? Document Management Systems? CMDB? ServiceDesk? See also ITAM: a Prerequisite for building a CMDB
How does your technology support the lifecycle of software? E.g. Evaluation, Procurement, Build, Deployment, Operation, Upgrade and Maintenance, Retirement
Can clients be alerted or sent scheduled reports?
Enterprise SAM
What features does your product include to support clients with multiple cost centres, geographic regions and networks? Is there just one SAM owner or multiple?
How does your technology handle Global Agreements, Local Agreements and Nested or Parent / Child Agreements or other contracts with dependencies?
How does your technology cater for multiple user types, roles and responsibilities? Your multi-million dollar compliance position or contract negotiation is not necessarily something you want shared with the whole company.
How does your technology support the optimal usage of software and minimize the risk of non-compliance across multiple cost centres? Is there an internal costing view and external auditor view? Can I auto allocate licenses automatically according to rules?
Describe how your technology integrates and cooperates with large scale enterprise systems to facilitate SAM processes
General Features
What documentation is provided with your technology?
How are clients supported during initial install?
How are clients supported after implementation?
How does your technology align itself to the practices outlined in ISO/IEC 19770-1 & -2?
Look and feel – is this the best option for us for day to day use?
Why ITAM has struggled to take root, and why I believe that’s about to change. Executive Summary Current ITAM Ecosystem in China. China, despite being the world’s second-largest enterprise software market, shows limited ITAM awareness and ...
In the world of ITAM, the regulatory spotlight continues to intensify, especially for financial institutions facing increasing scrutiny from regulatory bodies due to the growing importance of IT in operational resilience, service delivery, and risk management. ...
On the 30th April, Microsoft released its Q3 quarterly earnings report, exceeding expectations and igniting investor optimism. Investors had been keeping a watchful eye on Azure’s Cloud performance after Microsoft’s Q2 Cloud results fell short of ...
Podcast
No time to read? Want to stay up to date on the move? Subscribe to the ITAM Review podcast.
In the world of ITAM, the regulatory spotlight continues to intensify, especially for financial institutions facing increasing scrutiny from regulatory bodies due to the growing importance of IT in operational resilience, service delivery, and risk management. ...
Executive Summary For ITAM teams, sustainability is a core responsibility and opportunity. Managing hardware, software, and cloud resources now comes with the ability to track, reduce, and report carbon emissions. Understanding emission scopes—from direct operational emissions ...
In 2024, the ITAM Forum and General Interfaces conducted a global survey (On behalf of the ITAM Forum’s AI+ITAM Working Group) targeting ITAM practitioners, executives, and stakeholders to explore the growing influence of AI on the ...
In the days immediately following his inauguration, President Trump and his team declared war on Diversity, Equity, and Inclusion (DEI) programs at the federal level. The impact has been felt far and wide. Many government contractors ...