New SAM Tool Requirements Checklist V2.0
05 May 2011
8 minute read
I originally wrote a ‘New SAM Tool Checklist‘ a couple of years ago. This article is an updated and expanded version.
How Do I Know What to Look For?
There have been a number of discussions on various forums recently regarding SAM tool selection. A common recommendation is to take a look at your requirements and processes before starting to select a tool, thereby leading the selection process – otherwise you might end up being led by the most attentive vendor with the shiniest technology.
So how do you start putting your selection criteria together? Below is a list of things you may wish to think about, not of all of them will be applicable to your project so you can pick and choose to meet your requirements.
First of all some terminology, make sure you are comparing apples with apples. I’ve spoken to many companies who have shortlisted three tools, one of which is inventory, one of which is SAM and one of which is ITALM. This is the equivalent of preparing for a family holiday and renting a motorbike, jeep or juggernaut! Whether it is a point solution, broad suite of products or mixture of the two – you decide, but make sure you are comparing like with like.
Common Product Categories
- Discovery or Auto-Discovery – the ability to find new, moved or changed assets without dependence of an agent
- Auditing – Scanning or corresponding with an asset to record its attributes
- Inventory – A dynamic database of your assets and their attributes
- Software Recognition – The ability to translate technical jargon into product jargon
- Software Reconciliation – The ability to match up product jargon to your purchase history
- Contracts Management – The ability to manage, prioritize and comply with your contracts and agreements
- Reporting – The ability to share, collaborate and act on asset data
- Workflow and Automation – The ability to automate SAM processes
- Systems Management – To deliver changes, maintenance or new deployments
The Asset Database
- What features does your product include to help clients maintain an accurate and up to date view of their IT assets? Why pay for a product that is no better than Excel? See – Total Number of IT Assets – the most basic of metrics
- How can your clients tell if they are getting adequate coverage and regular auditing of their estate? What operating coverage is available?
- How do I communicate with assets? With Agents, Agentless? Zero Footprint? See also Agent vs Agentless
- How can a client identify duplicates, retired machines or machines that have gone missing? There is nothing worse than a bloated out of date database which nobody trusts
- How can clients tell when new machines are added to the network? Your team adds 50 new devices for new starters – how do they appear in terms of SAM, you need an accurate view of current assets in case the new starter business process slips.
- What is the process for discovering new machines / platforms on the network? How do I classify and manage them? This might not appear very important when looking at a demo with 50 machines – but how do I manage 5000 dynamic machines in a real environment?
- Does your technology track and manage the existence and usage of virtual platforms, virtual operating systems or web based applications? Virtual Operating Systems, Virtual Applications, Cloud based software and services, are they in scope for this SAM project and how will they be handled? Can the tool tell a) Where the VMs are and b) how they relate to users, locations and physical machines. See also Licensing in Virtual Environments – Six Steps to Containing Costs and Managing Virtual License Boundaries.
- Describe how your technology recognizes software (Header Information = Weak, Add / Remove Programs = Weak, Software Recognition Database = Better – but test it’s accuracy) See also – Software Recognition – What’s the big deal? Does your software identify whether an application installed requires a license?
- How does your technology allow users to prioritize risk and sort software? In intellectual property terms Winzip is equal to Oracle. When looking how much you spend on each vendor each year you need to be a little bit more pragmatic. How do I filter out the noise? See – What License Managers can Learn from the Railways
- How is the usage of applications managed within your technology? Is it actual usage or just open? Key and mouse activity? How are applications linked to devices and/or platforms?
- Does your technology supplement software discovered with any additional intelligence? (SKU, Price, Category, Risk etc.)
- What features are included to automate the recognition process whilst maintaining accuracy? Does it learn? Does it offer recognition suggestions? Does it offer guidance on what needs recognizing?
- How does a client reconcile their entitlements against discovered software?
- What features are included to automate the reconciliation process? (if I have 20,000 users do I have to manually link up each license?)
- How are different license types usage rights managed within the reconciliation process? Think about your license agreements in place – per user, per processor, per core, per use, per year etc.
- Does your technology provide license intelligence based on what is discovered? If I find an application installed does it suggest how that application might be licensed and how I can use it? E.g. I found an application, it is usually licensed per named user, that named user can also use it on a mobile device as well as their main machine.
- How and where is documentation and / or meta data associated with licensing stored?
- What intelligence is provided to clients to assess their compliance position and negotiate contracts?
- How does your technology support ongoing renewals?
- How does your technology support the ongoing optimization of software assets?
- Describe the reporting capabilities of your technology to support SAM processes. Once I’ve collected all this lovely data how can I put it to good use to drive change and support my ongoing SAM practice?
- Can the client gain access to raw data to use with other technology? If so how? You might want to integrate or syncronise your SAM database with a CMDB, ServiceDesk System or Systems Management Tool.
- Can the client import / syncronise data from other systems? If so how? ERP? HR? Security?
- How does your technology harness the clients existing systems or infrastructure? Active Directory? Document Management Systems? CMDB? ServiceDesk? See also ITAM: a Prerequisite for building a CMDB
- How does your technology support the lifecycle of software? E.g. Evaluation, Procurement, Build, Deployment, Operation, Upgrade and Maintenance, Retirement
- Can clients be alerted or sent scheduled reports?
- What features does your product include to support clients with multiple cost centres, geographic regions and networks? Is there just one SAM owner or multiple?
- How does your technology handle Global Agreements, Local Agreements and Nested or Parent / Child Agreements or other contracts with dependencies?
- How does your technology cater for multiple user types, roles and responsibilities? Your multi-million dollar compliance position or contract negotiation is not necessarily something you want shared with the whole company.
- How does your technology support the optimal usage of software and minimize the risk of non-compliance across multiple cost centres? Is there an internal costing view and external auditor view? Can I auto allocate licenses automatically according to rules?
- Describe how your technology integrates and cooperates with large scale enterprise systems to facilitate SAM processes
- What documentation is provided with your technology?
- How are clients supported during initial install?
- How are clients supported after implementation?
- How does your technology align itself to the practices outlined in ISO/IEC 19770-1 & -2?
- Look and feel – is this the best option for us for day to day use?
See also what the very best tools on the market are currently offering and Seven Observations from reviewing 17 SAM tools.
See the ITAM Review Marketplace for a full list of worldwide providers.
If I have missed anything or if any of the points above need clarification please give me a shout.