Original plans had customers entitled to a 24 hour support response time when their Software Assurance spend was more than $250,000 USD - as of next year though, you'll need a Support Contract.
That means either a Unified Support arrangement across your enterprise, or the uptake of pay-per-incident support (also available as a 5-pack option that expire within a 12 month period), which doesn't seem a particularly attractive proposition to smaller organisations. If you do have a Unified Support Contract you can transfer any current Software Assurance 24x7 Problem Resolution Support incidents before February 1, 2023.
And the costs - well Unified Support is customised based on the actual spend, where pay-per-incident is published at Professional Support For Single Incident – $499 USD for 1 user. Professional Support For Five Pack Annual – $1,999 USD for 1 User.
So you might need to revisit those 2023 forecasts just to make sure you've covered any additional costs you might incur - or maybe challenge Microsoft to their commitment that "Our goal is to ensure every customer gets comparable support services at a comparable price, despite the benefit retirement." !
A caution when relying on vendors to deliver projects with software installs.
Many projects require the expertise of vendors to install, configure and productionize their software and systems, however as the client and end-consumer you need to be aware of what exactly is making its way into your environments.
All too often following discovery we'll find unaccounted for vendor software, which typically after an onerous investigation is found to be remnants from the vendor-led project, anything from desktop clients to entire VM's, each of which can have dire compliance implications and cost.
But "hold-on - we didn't install it - the vendor did" is the common response, however a quick pointer to the relevant contracts will soon expose that this does not offer any defense - the customer is always responsible for compliance, even if it is the very vendors software in question.
At a more concerning level is when a vendor installs another vendors software - while this is not uncommon with the extent of partnerships and interoperability in the modern industry, it still needs to be clearly and formally covered, ideally contractually or by reference to the vendors right to distribute and use any IP they don't own. These artefacts need to be registered and retained in the event of an audit that questions your usage rights - in the worst case scenario if the vendor has breached another parties IP rights you too could end up subject to an infringement claim, and that's no place you want to be.
And never rely on the vendor's personal emails or assurances that 'all is well' - none of that will hold-up under audit (even if they are still there). When it comes to IP all bases need to be formally covered, and if that's proving to be a problem, well you might want to be even more wary.
Hats Off to IBM for it's new dedicated Licensing and Compliance site.
Launched on the 17th February the site is a comprehensive, easily navigated resource for both SAM beginners and experienced personnel alike.
Quoting Wes Mantle from the Licensing and Software Sales division: "We hope our Licensing & Compliance website will be a go-to resource for IT executives and SAM/license managers, providing clear guidance for measuring deployment effectiveness and navigating software verification process in an efficient, fair and timely manner."
The 'Licensing' section offers a good starting point with links to related subjects and material, and also provides particularly good graphical representations of IBM's many agreement structures along with key terms and clauses, while the 'Measurement' section covers the array of metrics and topics across on-premise, cloud and mainframe platforms.
If short on time, on everyone's list should be a read and review of the new licensing Guides that include:
The guides have been re-written in a much more readable and informative style covering all fundamental licensing subjects including the often misunderstood virtualization, backup and recovery, and non-production environment rules and obligations.
Of course the site wouldn't be complete without covering IBM's Verification approach, which includes audits, self-declarations and the IASP program. Interestingly, the section doesn't make reference to IBM's new, hosted, software management tool ESMT. The Enterprise Software Management Tool is described as an enhancement over the functionality currently provided by PA Online, providing "a full software inventory which details the number of licenses currently deployed and the number of licenses available to deploy. This can be updated in real-time to reflect any changes in requirement, meaning you always have a contemporaneous view of your IBM license position".
What's not clear is how the tool will actually operate in order to provide the view of "how many licenses have been used, where and by whom". This seems to imply some degree of discovery across the client landscape - on an ongoing real-time basis - which would come with its own complexities and certainly, concerns. We'd be keen to hear from anyone who has or is looking to adopt this approach - please comment below or get in touch!
What's not raised cynical eyebrows though is IBM's view of the benefits of being in compliance:
... we can all agree on that!
So set aside some reading time and work your way through the site - it will be a valuable use of time, and ensure you bookmark it as you'll no doubt have cause to return on numerous occasions!
Does your company distribute Adobe Reader to employees? ... if so, make sure you have a valid Distribution License.
Now it's not as onerous as it sounds - it can all be done online, so lets look at some of the detail.
When do I need it?
A Distribution License Agreement is required for:
Note: You do not need to apply for a Reader Distribution License if you prefer to direct users from your website to Adobe.com to download Reader.
What does the Agreement allow me to do?
You will be authorised to:
What are the key restrictions?
Ok, got it ... what do I do now?
You'll need to apply for a desktop license which will take just a few minutes and is required to determine how you intend to use Reader. After you complete the short online form, you'll receive an email with a link to the installers. You'll also need to mark a renewal date 12 months from receipt to reapply - the agreement is only valid for one year.
The Software Landscape is now ripe for vendors to lock-in Subscriptions and eliminate what (to them) are much loathed Perpetual Licenses ...
So what could be done to solve their predicament - enter Subscription Software!
So make sure your cloud strategy includes a proper evaluation of licensing - ask where will I end-up following that journey from a commercial perspective?
Everyone will say 'Better-off' ...
but you might find in the long term that's not necessarily the case.
The Software Freedom Conservancy sues Vizio, Inc. for alleged violations of the GNU GPL covering software incorporated into certain Vizio smart TVs.
An early and widely publicised example of the impacts of such non-compliance was the 2008 lawsuit initiated by the Free Software Foundation (FSF) against Cisco Systems that alleged several of Cisco's consumer network routers used GPL licensed code. The litigation was settled with Cisco releasing the source code, making a contribution to the FSF, and appointing a compliance officer. Quite the kicker.
In this latest action SFC asserts that all consumers of copyleft code deserve the opportunity to know, access and modify the code on their devices and is seeking the release of the complete, corresponding source (CCS) for all GPL’d components on Vizio TVs. The benefit? Well much as it was with the older analogue hardware TV's that would be repaired by technicians, coders would have the option to repair the software when the supplier potentially stops support for their older models (surely not from 'built-in obsolescence'?)
And lets not forget the ethics involved given the FOSS history and the principles that underpin it. From its fruition in the 1990s and early 2000s when Linux and other GPL’d software was considered nothing more than experimental. From those curious beginnings grew the community of enthusiastic developers whose software has benefited and furthered the rights and freedoms of individual users, consumers, and developers around the globe. It is a culture worth preserving and that means keeping organisations who benefit from that culture honest. (SFC refers to this as 'Ethical Technology' meaning technology that serves its users rather than the corporations who profit from it and preserves and promotes the rights of those impacted by it).
So if you are an organisation using open-source software, and in particular, incorporating it in proprietary commercial products, make sure you understand your compliance obligations with the relevant open source licenses. If you don't, you might soon find that letter arrives requiring you to release all of the IP you've built on top of the most excellent Free and Open Source Software that we all benefit from.
The Software Freedom Conservancy is a 501(c)(3) nonprofit organization that is supported largely by individuals who care about technology and advocates for software that has been designed to be shared (using copyright licensing that allows users to freely use and repair it, and, in particular, forms of software licensing that use the restrictions of copyright to promote sharing called “copyleft”, such as the GPL).
In the absence of strict procurement practices and robust record keeping its all to common to see organisations struggling to retrieve their records of purchase backing-up their claim to entitlements. In fact how often do we hear "yeah we've got 20 licenses for that - they're listed on Dave's spreadsheet".
Now lets be clear - the fact that it's on Dave's, or Susan's or anyone's spreadsheet does not constitute evidential fact. For that, you'll need the Proof of Entitlement if issued by the vendor, or the (signed) Contract containing the license grant, or the Order issued under it for the products in question. At a minimum if those are lost in the tracks of time (no doubt residing only in someone's email who has long departed the employ of the company), you'll need the latest invoice that shows the products and quantities that were covered by the last payment (ie. either actual purchase or renewal).
Again, its all too common that it's not until an audit that organisations are forced to scramble through the purchasing, legal, IT et al records looking for some artefact to substantiate the otherwise baseless right of use claim for the vast overage of licenses that have been deployed! This trek down memory lane can be the most time consuming - and often fruitless - use of specialized resources, the cost of which is not generally recognized by management and similarly overlooked in the justification of a dedicated SAM function.
So what's the alternative? Quite simply a process that ensures those essential records are properly recorded in an organized and readily accessible system, and are kept current through routine and ongoing ownership - once established this is not as much of an overhead as it might seem, and having all of that data at hand when challenged by a vendor can go a long way in underlining your disciplined approach and credibility in such a way that you'll be last on the next audit round list, if in fact on their radar at all.
Now this will no doubt rally those skeptics with their "wait - I just call my reseller and say give me a list of what we own" approach, and while this might offer some solace it doesn't necessarily constitute proof in the same way that last document of fact - the invoice - does. How's that? Well for one example think of step-up licenses that will be printed there for all to see, but what about the original license it is based on (and worse, what if that original license is actually still in use!), or those 'from-SA' uplifts that require unravelling potentially years of purchase history to properly determine entitlement. All best avoided by having a routine practice supported by a specialized system in the first place ...
Participating in a recent webinar with industry CIO's presented an opportunity to evaluate what has - or hasn't - changed in terms of SAM in the technology space today. Perhaps most interesting - and reassuring - is that CIO's still recognise compliance as the major driver for a SAM function in their organisations, closely followed by the incentive of cost optimisation and savings as represented in the poll below:
Why reassuring? Well we believe that gaining a robust compliance discipline should be front and foremost in implementing SAM in any organisation - the benefits of properly managing your software assets results in two significant outcomes to your business:
Where does the future take us?
When asked to consider the landscape three years from now the supplier risk element was significantly superseded by cyber-risk, and cost and productivity elevated to the major returns:
For these results we'd point back to the present - dealing with compliance should be the priority and the returns will follow. Cost optimisation and productivity gains should quite simply be a by-product of properly managing your software domain rather than the core driver - there is an inherent danger in putting finances ahead of compliance just as in the case of regulatory requirements ...
... you can't opt-out.
As of 1st March 2022 all plans will increase anywhere from 8.5% to 20%
Stating that it is the "first substantive pricing update" since its launch in 2011 Microsoft have announced uplifts to all of its Office 365 plans early next year, citing the addition of 24 apps to the suites —Microsoft Teams, Power Apps, Power BI, Power Automate, Stream, Planner, Visio, OneDrive, Yammer, and Whiteboard — and the release of over 1,400 new features and capabilities in the three key areas of Communication and collaboration, Security and compliance, and AI and automation as justification for the rise.
As a sweetener they have also added unlimited dial-in capabilities for Microsoft Teams meetings across the enterprise, business, frontline, and government suites over the next few months, currently only available under the E5 plans. This will allow users to access Microsoft Teams meeting from virtually any device regardless of location when unable to access an internet connection.
So what are the prices changes?
Per User charges as of 1st March 2022 will be as follows:
So biggest increases to the lower cost plans, with the popular O365 E5 attracting the smallest hike. The increases will apply globally with local market adjustments for certain regions, and there are no changes to pricing for education and consumer products at this time.
With Microsoft Teams being industries tool of choice lately the rise is unlikely to cause much of a stir in the marketplace, however worth leveraging your enterprise agreements and overall spend to get the best discounts available — larger orgainsations could be up for a hefty and no doubt unexpected budget blowout if they're unlucky enough to be renewing next year!
Insights from the latest Deloittes report following their global survey.
And of course the investment and value aspects are always front of mind:
Deloittes rightly call out additional measures that organizations should factor into the value equation:
Given the challenges in collecting correct asset utilization data within the organization (29%) and recognition that a greater investment in ITAM tools and technology (25%) is required, it is not surprising that specialist third party support features in the report, in the main operating an on-premise ITAM tool (16%) or providing such as tool through a software-as-a-service (SaaS) platform (14%). Other key areas where external assistance is being sought includes software vendor-specific licensing expertise that is not often readily available in-house (27%), followed by ITAM tool maintenance (20%) or strategic advice to transform ITAM teams (20%)
Lets not forget the ongoing bugbear that is audits ... what did respondents face in the past year:
And finally, we wholeheartedly agree with Deloittes prediction "that the more progressive and astute organizations will increasingly recognize ITAM as a longer-term strategic investment that creates ongoing value across the entire organization going far beyond just their IT team."
They also go on to say "this would be in sharp contrast to the more traditional (and increasingly fading) mindset that perceives this as a tactical one-off short-term fix, primarily aimed at minimizing costs related to IT assets."
... so if you're ready to get started with your SAM program - or want to move faster - we can help, just get in touch!
In this second part of our SAM Foundation series we look at Compliance Reporting and the importance of understanding your deployment position.
In part one of this series we covered the importance of a full data collection across your data sources and contract and licensing information, now we look at how to bring that together into a compliance position.
The first realisation is - wow! - that's a lot of data we have out there! So just as we needed tooling to perform the data gathering exercise we are going to need analytics to decipher not only what's important but how to interpret it all, for which there are two aspects:
Now what exactly do we mean by 'Scale Reporting'? Basically this means a reporting facility that enables you to stipulate variable parameters from product to vendor to company, with the output organised by device in a concise and easily readable form - for example ComplianceWare's powerful python & pandas based analytics engine that slices and organises the data into output as a familiar Excel workbook.
A snapshot of the output as below:
The analytics should also consider base licensing metrics such as server core and PVU minimums, apply relevant bundling rules to avoid double counting, and recognise non-chargeable installations such as clients and free-edition software.
So we now have our first view of what's deployed where - and that's a good start, but it doesn't mean the jobs done. You'll want to perform some spot / sanity checks across the report, and that's where the 'Direct Examination and Querying' comes in. Here, your tool should allow you to easily interrogate your data collection (which can span many millions of rows) for further review and confirmation, and that's accomplished via smart features that enable you to slice, limit and target the fields and items of interest. Again, with ComplianceWare as an example you can easily navigate through the data by vendor, product, data source, and perform smart searches with inclusion and exclusion parameters to dynamically find exactly what you are after.
ok ... we're happy with our deployment report - now what?
Now it gets interesting - does what's reported as deployed match what we're actually entitled to? While some products can be automatically tallied (eg. products with simple install or device metrics) others will require more effort such as resource based metrics like cores or logical licenses such as users, and those in more complex environments such as virtual environments where physical v virtual considerations must be taken into account.
Here there are no short-cuts - it will require a knowledgeable individual (preferably with prior experience in the environment) to work through each product in a methodical and calculated manner to (a) derive the optimal licensing construct and then (b) reconcile against the recorded (and evidenced) level of licensing. As this progresses it is imperative to capture your findings and ensure they are lodged as an artefact for audit readiness and as a baseline for future reporting cycles (again with ComplianceWare this can be stored as 'Verification' material alongside the updating of actual usage figures).
And just how often should the whole exercise be performed? We'd recommend that you cover your major vendors at least annually, and institute a program of work that targets a select number of products or vendors quarterly. The good news is that once you've completed one cycle others become easier as you'll have a baseline to compare or commence from.
So to summarise:
In this series we'll cover the foundations of SAM, and what they mean.
Data is the essence of SAM, much as it is with most of technology. It's all there, somewhere, amassed over time, stashed away in the recesses of the organisation. It may exist (hopefully) in electronic form, or (lamentably) physical records filed and stored, most typically both. So we know the data's out there, the question is how - and where - do we start?
The first step is to determine what data sources you can tap into, from the raw systems themselves through other collection platforms you might run such as CrowdStrike, Microsofts SCCM, IBM's ILMT, HCL's Bigix Inventory etc. With larger organisations the issue is always completeness - be it running agents or agentless via remote extracts - how do we know we're capturing everything we should ... and that can be a much more difficult proposition than it seems.
The approach is to source as much data as possible and compare it, merge it, blend it, and massage it to get the best quality information you can - the issue today is not so much sourcing the data, its how to filter through it to find what's important, and to do that you'll need tooling.
That means firstly figuring out what is most workable - and also most repeatable. This could be as simple as providing system logins to run application specific extracts, or remote connectivity as a centralised administrator, or even integrated access via API's. All act as feeds to your SAM system that will then do the hard data crunching and reporting work for you (for which ComplianceWare's pandas driven analytics engine is purposely designed).
So that covers the inventory side of things - collecting the deployment information and associated identifiers (ie. the editions, statistics, capacities etc) necessary to derive your consumption levels, but then you'll need the associated Contracts and Licensing material as well to compare to your entitlements and establish your compliance position, and that's where things can get tricky.
Most organisations - even those that are largely centralised - have some degree of local procurement (all the way down to problematic credit-card purchases) that make it difficult to collate the full and complete record of ownership. So you'll need to start with what is known, match that to the inventory you have identified exposing the shortfalls and gaps, and go looking for those great unknowns.
This can be a long and even fruitless exercise at times, sometimes reliant purely on the knowledge of individuals (if they're still with the organisation that is), extending from business to technology teams, from legal to procurement, all depending on how controlled and robust the procurement processes are. The key here is to capture that information so its recorded and available from there on, and the whole exercise doesn't have to be repeated (as it would in the case of audits).
Ideally your SAM system then allows you to maintain that connection of inventory to entitlements, organised by the contracts they were acquired (and operate) under. Any compliance issues can then be dealt with in a managed and controlled way, along with the potential benefit of savings from license consolidation, decommissioning, harvesting, or reuse, but we'll cover that in Series (#2).
And the kick - data collection isn't a one-off, its an ongoing process that should be repeated as often as necessary based on the frequency and fluidity of change in your environment. On the plus side, once you have established the process it becomes much easier and efficient to rerun, and depending on your SAM system gain more intelligence each time (for example, ComplianceWare can compare different data captures and report the differences so that you can quickly identify what's changed, and what might need attention).
Key takeaways then are:
Keep in touch for the upcoming SAM Foundation Series (#2) - Compliance Reporting.
Extending Software Compliance's services to a global organisation meant expanding ComplianceWare to support multi-entity hierarchies, timezones, and currencies.
In an exciting development for Software Compliance we are very pleased to announce the expansion of our services to a major global operation, delivering SAM support built on our flagship ComplianceWare platform across 3 regions, and 18 different countries and companies.
While single entity customers will not notice any (well little) difference in the presentation and operation of the system there have indeed been a number of changes 'under the hood' with some of those features of benefit to all clients such as:
It has been a period of vast growth and development for Software Compliance, and we are very appreciative and fortunate to work with the many insightful people on this continuing journey.
And if you're thinking that Managed SAM Services built on the most cost effective tool in the market could help your organisation, please just get in touch with us to talk about what we could do!
The February 2021 edition of Microsofts Product Terms Document will be the last.
A little under two years ago we reviewed Microsofts new approach to licensing terms in our June 2019 blog here - now its being further revamped.
As announced on the front page of the February PT document:
Please note this is the last Product Terms Word document. Going forward, the terms will be published on the Product Terms site available at https://www.microsoft.com/licensing/terms/productoffering. Archived versions will continue to be available. For more details, go to https://www.microsoft.com/Licensing/product-licensing/products.
What does it look like - the landing page as shown below:
So quite clear and compact, although you will need to be quite savvy with their license programs and models to get the most out of using it.
... and when put to the test?
We decided to take on one of their more convoluted product licensing models - Power BI - and, well, it didn't seem any simpler. With prerequisites like "Power Automate per user with attended RPA plan, or Power Automate per flow plan" (ok...), and Extended Use Rights such as "Power Apps Portals that map to licensed Dynamics 365 application context and, Power Apps Portals that map to the same environment as the licensed Dynamics 365 application" (right...), the format might have changed but the content is still not that intuitive is it?
So while access to dynamic and current licensing information is always a good thing, simpler licensing models and metrics would we think resonate much better with software customers in general. After all, we all want to be compliant, so why make it so hard we wonder - any thoughts / comments ?$$?
Vendor results can be a telling indicator of what might lie ahead
We regularly connect with the ITAM Review as a reliable source of information in the software domain and of interest this month is a comprehensive report from Rich Gibbons on the financial performance of some key software vendors - from the $5.6B loss of Google Cloud to the 29% rise in operating income (Q2) of Microsoft.
You'll find the full report here.
In summary ...
Some marked differences in performance - particularly in the cloud space, with a watch and ready advice for some of the poorer performers - we all know where they head when times are tight ...
From February 2nd Atlassian will stop selling new server product licenses and cease development of new features in the entire server product line although maintenance and support will continue to be provided for a further three years.
Mind you, this will come at a cost - there will be both server and data center price increases touted as necessary to:
"ensure the security and maintenance of the server platform while providing you with the opportunity to run a free cloud migration trial."
"make using cloud and Data Center together easier for you and your users through a more unified administration experience and improved integrations between the two offerings."
So what are the important dates here - check below:
... and my options are?
Well with Server, move to the Cloud or move to Data Center. At this stage Atlassian have stated no end of life for Data Center, however you are encouraged to monitor their roadmap in that regard. To learn more start with the migration FAQs that provide a volume of useful information to get you underway.
So as reported in our October blog, not only will there be the myriad of edition upgrades to contend with this year, we expect you'll be presented with more and more platform migrations as well, and while the Atlassian User licensing model is straight forward (although keep in mind it applies to any user who has permission to use the product, not necessarily a user who accesses it - so restrict accordingly) others will likely not be as simple, and that means understanding your license migration options just as well as your technical options as being unprepared with either can prove a very expensive exercise.
A year of challenges and differences to all (recent) others.
Perhaps not surprisingly the IT industry did its part in the battle with Covid-19. Mobility became essential - workers were confined to homes, offices were shutdown, usual communication and interactions were stifled.
... enter video conferencing on a whole new level
From Zoom, to WebEx, to Teams everyone had to find a way to adapt. Not only did meeting online become the norm for but also the stand-in for the social watercooler or coffee break gatherings, or even the swell of welcomes and farewells.
That all worked well and is undoubtedly with us for good.
But what about licensing? If you recall our March Blog we called out the possibility of easily becoming non-compliant in the rush to stay connected to your workforce and customers. With the new year imminent its now time to regroup and review. Are all of those rapid changes squared off? Have you reconciled usage to entitlements? Or are you perhaps uncertain of exactly what state you have now found yourself in?
Be particularly concerned if you used the likes of Citrix to enable access to desktop applications - if unconstrained you could be liable for all potential usage, not just actual usage.
Or if you inadvertently permitted a level of multiplexing by routing traffic or enabling access at the simplest level (think generic logons, or joint application connections) you'd best tidy things up.
Don't be complacent thinking there has got to be some vendor leniency out there - we are already aware of audits being undertaken - there is no compromise when revenue is at stake.
So as always, take stock of your situation - get on top of your compliance position and be ready to assert your view rather than just accept what state your vendor tells you you're in.
... and if you need help to do so, just contact us
If it seems that your vendors are unwilling (they'll say unable) to accept a termination for convenience clause these days, you're not alone. Often this will be justified by citing their companies accounting rules and practices aligned to the 2014 revenue recognition changes post Enron where they'll refer as below:
What they don't refer to is the fact that where termination charges are provided full contract revenue can be recognised:
Of course the "substantive" qualification is the issue - just how substantive should it be?
Well there are no firm guidelines in that respect, other than simply compensating a supplier for services or deliverables provided up to the effective date of (early) termination will not be regarded as substantive. Guidelines only advise that "judgment has to be applied with consideration given to quantitative and qualitative factors". Government contracts typically require a termination for convenience clause and will state (in part) something similar to the below:
Having negotiated the termination for convenience clause we're now comfortable that all is good right? Well no, there are further issues to contend with. If (and thats a big 'if') the matter gets to court there would likely be consideration as to whether the contract was 'illusionary' based on the very right to terminate at will, or that the termination was not enacted in 'good faith', or even as far as not following the termination right explicitly which opens the door to damages!
So what other options are there? Well that of course depends on what exactly is being contracted, but consider the following:
Key to all of the above is explicit language that clearly defines the criteria by which the clauses can be invoked - when things break down to termination your vendor will not be overly receptive to subjective positions, ambiguities, or plain old opposing points of view.
And while the lawyers are endlessly debating the virtues of limitations of liability and insurances and everything else basically immaterial just ask yourself when you actually last went to court, and then ask what typically goes wrong with your contracts - invariably its performance based and for that, you just need an appropriate provision for ...
... a hasty, unequivocal exit, at the lowest possible cost!
About to be hit by the RHEL6 and Windows 2008 double whammy?
If you're just organizing your Red Hat Enterprise Linux 6 Extended Life (ELS) phase for the end of November don't forget Windows Server 2008 Extended Security (ESU) phase is about to rollover to year 2 in January!
Unlike RHEL6 with WS2008 you'll need to cover all of the base licenses with ESU entitlements, and at 75% of the current list price that can prove to be a very expensive exercise. So if you won't have time to migrate off WS2008 your best option - depending on numbers - is to isolate them, either via host affinity in your virtual farms or by pushing them onto physical servers.
Fortunately Red Hat licensing allows the choice of either physical sockets or virtual machines, so you can mix and match to suit. The tipping point is around 6 VMs, and again you can limit your exposure by applying host affinity rules in your virtual farms. There has been some conjecture as to whether the VM license covers one or two VMs - we are reliable informed that it does indeed cover two.
The bottom line is of course, keep ahead of product lifecycles - it will always be more cost effective from a licensing point of view, but of course often difficult in the business context. The same situation will be upon us soon enough with WS2012 and RHEL7, so time to look ahead, ramp up the urgency, and get migrations on the agenda.
So what do I get and what will it cost?
Firstly - Microsoft:
You'll need to be an Windows Server (for as many servers as need cover) Active Software Assurance (SA) customer. Costs are then dependent on the type of installation:
In Azure: Customers running Windows Server in an Azure Virtual Machine will get Extended Security Updates for no additional charges above the cost of running the virtual machine.
On-premises: Customers with active Software Assurance or subscription licenses can purchase Extended Security Updates for approximately 75% of the on-premises license cost annually.
Hosted environments: Customers who license Windows Server through an authorised SPLA hoster will need to separately purchase Extended Security Updates under an Enterprise or Server and Cloud Enrolment, either directly from Microsoft for approximately 75% of the full on-premises license cost annually or from their Microsoft reseller for use in the hosted environment.
For Red Hat:
You must have already have paid for a Red Hat Enterprise Linux subscription before purchasing the ELS Add-On subscription for it. ELS Add-On is applicable to Standard or Premium subscriptions and can not be applied to self-support subscriptions. Note that ELS should be purchased prior to the start date of the ELS period (December 1, 2020 for RHEL 6), otherwise the ELS Add-On subscription will be back-dated to the start date.
The cost on the Red Hat store is US$250 for Standard or US$775 for Data Center, so around AU$500 (2x VMs) to AU$1500 (Socket Pair).
What do you need to do?
All services, products, and offers in Open License program today will remain available until January 1, 2022. To plan for future purchases, ask the partner you’re currently buying software licenses from about your options. Your partner can help you decide the best steps for you, whether that’s new licenses or online services subscriptions. If you don't have one, you can Find a Microsoft partner.
Are there any other options available?
Yes - depending on what you want to purchase you can make use of the Open Value or the Open Value Subscription program:
Here's a reminder of the differences between the current programs:
So nothing alarming in this announcement, more just an evolution of a 20 year old program to align with Microsofts contemporary go to market structures. While 2022 might seem some time away you can be sure the changes will begin to emerge through 2021, so just something more to be aware of and prepare for in the ever changing world of software licensing!
Thinking to drop some Oracle product from maintenance to save some funds?
... think again.
You'd of course think that dropping product from your annual maintenance renewals would be treated as a simple removal of the line item and its associated cost - why wouldn't it be - you're keeping those remaining as-is so what's the problem?
Now this gem of a policy states: In the event that a subset of licenses on a single order is terminated or if the level of support is reduced, support for the remaining licenses on that license order will be priced at Oracle's list price for support in effect at the time of termination or reduction minus the applicable standard discount.
Wait? ... What??
Yep, just because you were so brash as to drop maintenance on product you no longer needed, whatever you're retaining on that order is going to be repriced - and by reprice they of course don't mean down!
Oh but the good news is in the next sentence: Such support price will not exceed the previous support fees paid for both the remaining licenses and the licenses being terminated or unsupported, and will not be reduced below the previous support fees paid for the licenses continuing to be supported.
So rest assured loyal Oracle customer - any repricing will not exceed what you were already paying, it'll just match it. So those dollar savings that you put forward saying 'we're gonna drop product x, y, and z from the next renewal and save bucket-loads' is probably the opposite - depending on whats left you might end up paying exactly what you were before!
So, what has the uptake of Java SE Subscriptions been like?
There have been regular communications from Oracle promoting the value of their Java SE subscription service since version 8 went end-of-public-update (EoPU) in January 2019, but what has the uptake actually been like?
The latest (July 2020) statistics have been published as below, with 57 vulnerabilities reported since the EoPU of Java 11, with 7 attaining a CVSS (Common Vulnerability Scoring System) of 7 or more (reflected below). The question being, is that enough of a concern to pick up the phone and make the call to your Java Business Rep?
A reasonable question, and one for which we don't have a definite answer. Anecdotally, the view would be not generally, however this is unsubstantiated so we'd be keen to get a view from the industry - please take the time to complete our quick 2 question poll below:
Thanks for taking the time to contribute - we'll publish the results soon!
An innocuous Announcement Letter may be more telling than it seems ...
While discounts will remain for hybrid and cloud platforms, as of 1st July these will no longer apply to your on-premise installations. With statements such as:
"where we will continue to focus our investment and innovation"
"it is recommended that your company evaluate and plan a transition to the equivalent, cloud- and/or hybrid cloud-based offering"
The message seems pretty clear that the future as IBM sees it is all in the Cloud, certainly if you're looking for discounts on your next purchase of PA software. It will be interesting to see what might follow in IBM's plans to further 'encourage' cloud migration, and how others might adopt similar strategies.
Data Recovery Environments using Copying, Synchronizing or Mirroring Standby and Remote Mirroring are commonly used terms to describe these methods of deploying Data Recovery environments. In these Data Recovery deployments, the data, and optionally the Oracle binaries, are copied to another storage device. In these Data Recovery deployments all Oracle programs that are installed and/or running must be licensed per standard policies documented in the Oracle Licensing and Services Agreement (OLSA). This includes installing Oracle programs on the DR server(s) to test the DR scenario. Licensing metrics and program options on Production and Data Recovery/Secondary servers must match.
Servers – Disaster Recovery Rights: For each Instance of eligible server software Customer runs in a Physical OSE or Virtual OSE on a Licensed Server, it may temporarily run a backup Instance in a Physical OSE or Virtual OSE on either, another one of its Servers dedicated to disaster recovery, or, for Instances of eligible software other than Windows Server, on Microsoft Azure Services, provided the backup Instance is managed by Azure Site Recovery to Azure. The License Terms for the software and limitations apply to Customer’s use of the backup Instance.
If its not specifically called out in the VMware Product Guide it will need licensing, and that means everything other than Continuent and vRelaise for Log Insight. Surprisingly, VMware deem an install to be 'use' of the software - yep - just binaries sitting on a disk.
RHEL Linux Subscription Guide: Cold backups: The server has software installed and configured, but it is turned off until the disaster occurs or for periodic disaster recovery procedure tests. For Red Hat Enterprise Linux, this means that the customer is allowed to preload the bits as a courtesy. However, Red Hat Content Delivery Network cannot be used to update the system until the disaster happens. Then, the paid subscription on the failed machine transfers to the cold backup sever. In this case, a customer does not need two subscriptions. The customer will consume only one subscription at any point in time. Red Hat will allow the customer to pre-provision the software bits onto the cold backup machine as a courtesy. If a customer is found to be running more units of Red Hat Enterprise Linux than the customer has subscribed for because the customer has found a use for these pre-provisioned servers other than this cold backup use case, the customer is obligated to pay Red Hat.
Backup Use Defined: For programs running or resident on backup machines, IBM defines 3 types of situations: “cold”; “warm”; and “hot”. In the “cold” and “warm” situations, a separate license for the backup copy is normally not required, no additional charge applies, and IBM does not need to be notified. In a “hot” backup situation, the customer needs to acquire another license. All programs running in backup mode must be under the customer’s control, even if running at another enterprise’s location.
All might not be as it seems - check this list of ILMT gotcha's
Here are out top five tips for trimming your PVU sub-capacity report counts:
1. Incomplete Vitualisation - the 'TVM' predicament
If your ILMT configuration is not fully or properly implemented you're likely to find incomplete virtualisation heirarchies in your VM Manager connections, which result in every affected VM being treated as a stand-alone physical machine at the highest PVU rating of 120 PVUs per core). This can quickly add up where you might otherwise be entitled to the likes of 70 PVUs per core.
2. Missing Software Classifications
Central to the accuracy of ILMT reporting is the much dreaded 'Software Classification' process. If you choose to ignore this painstaking requirement you can be sure you'll pay the price either in real terms or in time-draining dispute at your next audit. Essentially, every exempt PVU count in your environment needs to be catagorised as such, meaning instances that are to be excluded from PVU counts (which depending on the License Terms are likely Developer, DR, or Test installs) need to be individually identified as such via this (ongoing) activity.
3. Unrecognised Bundling
As a follow-on to the Software Classification issue above, you'll then likely notice that where you have installed Supporting Programs on a different server - where entitled to do so under the License Terms - the program will magically form part of the PVU count, ie. bundling is not recognised across servers. So once again you'll need to identify these instances and exclude them from the relevant count, making sure you add comments to qualify the classification.
4. Reallocation High-Water Marks
So you dutifully maintain your vCPU's to your level of entitlement, which, as you're permitted to do, includes the occasional reallocation across servers to match processing and performance needs. Given you've balanced the core counts out all is good - right? Well ... no, ILMT will track the high-water mark for each server in the 90-day reporting period, so for example a taking a core from a 4 vCPU server to assign to a 3 vCPU server will see both reporting as 4 vCPU servers for that period.
To be in a position to challenge this make sure you have or take - and keep - separate records that evidence the reassignment of cores to negate any double counting.
5. Ghost Decommissioning
Similar to the above, you might think that decommissioning one server to deploy another would be quite within your rights as long as you (as always) don't exceed your level of entitlements. Well ... no, the decommissioned server will also report within the same 90-day period as the new server - potentially a bigger problem than the issue with high-water marks. So again you'll need to either classify the server accordingly, or ensure you have the right artefacts to contest any double recognition, or both.
... a lot of overhead right?
And that's where a secondary source of truth can prove essential ...