In my last article I talked about stopping the rot and getting the basis right. Part of getting the basics right is having some sort of tool in place so that you can implement processes and policies (loosely in our case) around the tools in question.
We talked about how we’ve got the support of other heads of department (but not senior management just yet), and how we were trying to collect all of the invoice data and license information so we can start to establish where we are in regards to license compliance.
Much to our delight, there are a number of free tools on the market that we can install that allow us to have some sort of overview on the software we have installed on our network. We tested two or three before finally deciding on the best option for us, which is what I suggest people do if you have no budget and are after free discovery tools. What works for us may not work for you, but we have implemented OCS Inventory with GLPI Asset Management software. Both are free, we’ve checked several times:
OCS License – OCS Inventory is released under the GNU General Public License, version 2.0 (GNU GPLv2). The GNU GPL provides for a person or persons to distribute OCS Inventory for a fee, but not actually charging for the software itself, because OCS Inventory is free.
GLPI – “You are free to use GLPI for any activity, which is personal, professional or commercial. Within the framework of a commercial activity, the contract that you associate your provision of services should not interfere with GPL licence attached to GLPI”
OCS works with GLPI, which is why we’ve implemented that particular combination. So far so good with both tools considering they are not as sophisticated as a paid for solution. They provide me with a basic outlook on what our software asset estate looks like, and also gives us the opportunity to start looking at comparing our entitlement with our installs.
I can’t stress how important it is to test both tools within your environment before considering a mass deployment. There are security, suitability and stability issues with other systems to consider. The tools are free, so take your time in picking the right option for you.
After installing the free tool, we have started to review the software installed on our machines. As you can imagine, it’s a bit of a free-for-all with different versions and editions scattered all over the place. This is what happens when you have no SAM process in place, people just purchase and install whatever software they want. Now that we have the basic processes in place and the tools assisting us we can now start to see who has what software installed, and whom we know hasn’t got a license.
We have created a list of software applications to remove, and we’ve categorised them by importance and quantity. This gives us some structure to the removal process, rather than having it as a free-for-all. Our list is in a shared area so that all of my IT staff and other heads of department can see the list and the machines/users that we will be removing or changing the software for. I’ve really wanted to make sure that other heads of department are fully involved and aware of what we are doing.
Having their support and them involved in the processes has allowed me to build better working relationships with them. We have started to build up trust in each other. I trust they wont allow their users to install any software without following the right processes, and they trust me not to remove any software that will impact on their users jobs. They have also been very useful in adding software to the ‘blacklist’ and have helped massively in any disputes we’ve had with users. Communication goes a long way in a SAM project!
We have started physically auditing machines along with using the free tools we’ve installed. This is simply because the tool is free, so I don’t trust it 100% and because I want to ensure that we follow best practice and make sure we know exactly what software we are removing. You can never be too careful anyway, so we’ve been selecting a certain percentage of machines to carry out physical audits on. These machines are assets we’ve identified as having a wide range of software installed on them that we’ve never heard of or that we haven’t found a license for yet.
We’ve been emailing the user before hand to arrange a time for us to come and see their machine. Whilst this has been met with some resistance from users who don’t want us looking on their machine (we can do that anyway without them knowing…!) we have successfully carried out physical audits on an average of 20 machines per week. We have been using the tools to remotely connect to other machines to remove software, so on average we are auditing 45 to 50 machines a week.
As you can imagine this is taking up an awful lot of my time and my helpdesk teams time, but the organisation has got itself in this mess so we need to make sure we sort it out! That’s the thing with IT, we have no real say in any of the big decisions this organisation makes, we get no praise when we rebuild a machine in record time, but if things go wrong we certainly hear about it. I dread to think what would be said if we received an audit letter.
As part of the physical audit, I wanted to ensure that we keep a record of what software we have removed from what machine, just so we have some record for future SAM justification and to prove that we can save money. Unfortunately, for now this is done via spreadsheet. We have listed the following information:
As I have my helpdesk staff working on this project with me, once again this is in a shared area. My team are young and enthusiastic, and software removals don’t exactly challenge them. To try and drum up some enthusiasm and to get them really understanding how important SAM and licensing is I’ve given them a bit of a challenge; Who can save the most amount of money? Being young and competitive they really enough boasting about the amount of removals (all authorized) they’ve done, and how much money they’ve saved the organisation.
Due to our previous decentralized software procurement process, we are struggling to identify which department has purchased what software license. As you can imagine this is causing a bit of conflict between heads of department who each claim to have purchased the same licenses. With no software procurement process in the past we can’t see who requested the software and what cost centre in has come out of. To combat this issue we’ve agreed to pool all of the existing licenses into a company pool for use by anyone.
As the software license and the budget belongs to the organisation anyway, this seemed like the easiest and most logical way of assigning licenses. None of the licenses are department specific anyway so everyone can use them. We’ve added the licenses into our database and as mentioned previously, we are starting to address the non-compliancy and the non-usage of software.
Moving forward, with our new procurement process we will have a record of exactly what cost centre purchase what licenses and what user requested the software.
By installing a free tool it gives us some sort of springboard to jump from, and it gives us greater visibility of what is installed on peoples machines. We can really start to generate an effective license position, even if it highlights we are under compliant it is still vitally important that we know just how over licensed or under licensed we are.
In the next article I’ll be talking about the struggles we are having tacking software usage, how we are addressing our compliancy issues and my attempts (!) at implementing more sophisticated SAM processes within our organisation. Who knows, by that time we may even have senior management support!