Software Compliance
  • Home
  • What We Do
    • Services
    • Tools
    • Experience
    • FAQ
  • Resources
    • Company >
      • About Us
      • Careers
    • Agreements
    • Documentation >
      • Brochure
      • Datasheet
      • Security Measures
      • ComplianceWare >
        • Software
        • Hardware
        • Cloud Configuration
  • Contact Us
  • Latest
  • Search

Broadcoms VMware - and it is so.

28/11/2023

0 Comments

 

Perpetual licensing is no more.  It is not resting ... it is stone dead.

Picture
Further to the update in our May'22 blog Broadcom have announced a 'simplified offering lineup and licensing model' that will - of most interest - put an end to the availability of perpetual licenses. The statement itself is quite definitive:
  • Complete the transition of all VMware by Broadcom solutions to subscription licenses, with the end of sale of perpetual licenses, Support and Subscription (SnS) renewals for perpetual offerings, and hybrid purchase program/subscription purchase program (HPP/SPP) credits beginning today (effective dates will vary). Additionally, we are introducing a bring-your-own-subscription license option, providing license portability to VMware validated hybrid cloud endpoints running VMware Cloud Foundation.
So as we predicted at the back-end of 2021, customers will no longer have the benefit of ownership to revert to - it's subscription all the way - and that is entirely at the behest (benevolence?) of the supplier. So now the observations begin in earnest. Will subscriptions result in the benefits commercial and otherwise that are promised, or will you find your choices are more limited, while your costs are not.
To challenge any degradation in your position you'll need the facts - the basis of your original position to compare to where you have arrived, and this may well be some years down the track, so again this is where a robust SAM function will step-up with the analytics and the matter of record to enable such a conversation to occur.
Overall - a sad chapter in the history of software licensing. Where choice is removed from the client it can only be bad.
0 Comments

What? ... Cloud options restrictive and costly?

22/9/2023

0 Comments

 

Now who would of thought.

US ​Government Accountability Office (GAO) finds restrictive software licenses associated with commercial cloud contracts have resulted in increased costs and limited choices in service providers.

Picture
The GAO analyzed six randomly selected Department of Defense (DOD) programmes based on fiscal year 2023 budget size and grouped the investments into three groups — greater than $100 million, between $100 million and $10 million, and between $10 million and $1 million, with key findings that vendors:
  • limited the ability to migrate the department’s software obtained through pre-existing, traditional commercial software licenses to cloud computing;
  • established terms and conditions that limited DOD access to previous versions of software;
  • established terms and conditions that impeded the department’s use of specific software by requiring compatibility with specific versions of software from other vendors;
  • limited software available for cloud computing in certain commercial markets where the vendor had significant market share;
  • restricted DOD’s use of software to the vendor’s proprietary cloud or a limited number of competitor cloud solutions;
  • prevented DOD from operating software on specific cloud platforms; and
  • sold software that met DOD requirements only in packages with other software not needed to meet requirements.
Not a good story, although no doubt a common one that, given CIO's and CTO's relentless push to the cloud in recent times, (fully endorsed by doe-eyed executive committees and boards clambering to chat that 'yes, we're doing that too') are unlikely to get air time in that respect - just glowing reports of progress and ever increasing (perhaps slowly)  'number of migrated applications' statistics.
Now we're not saying there is no place for the cloud - there is - but per the recommendations of the GAO from this report, it needs to be formulated through guidance and plans that fully address identifying, analyzing, and mitigating the impacts of restrictive software licensing practices on cloud computing efforts.
And therein is the problem. Many CIO's and CTO's would rather rely on vendors or consultants recommendations rather than their own in-house expertise across IT, SAM and procurement teams who know in detail what - and where - costs and impacts are likely to arise.
So if nothing else, perhaps try to use the GAO's Examples of Reported Restrictive Software License Practices table below as a minimum checklist of what to consider with your next cloud migration programme - it might bring some future issues to light and maybe even save just a little grief! 
Picture

0 Comments

Don't Forget Development Licensing

19/7/2023

0 Comments

 

Although it's easy to overlook regular reviews of your development environments - it's still necessary.

Consider one of the most prolific of these - Microsoft's Visual Studio, with an updated 2023 ​Licensing Whitepaper for the Microsoft Visual Studio Product Family and Visual Studio Subscriptions.
Picture
Focusing on the 2022 edition of Visual Studio, the guide complements the standard Product Terms and/or the EULA for retail and community versions, with the Visual Studio License Directory also a good reference site covering all things related to Visual Studio, including prior versions.
Firstly, aside to the Community Edition (being the free, full-featured IDE for individual developers and small organizations with 5 or less developers, and for education and open source software), what are the available options:
Picture
The licensing fundamental with all Visual Studio subscriptions and Visual Studio Professional is that they are licensed on a per-user basis, meaning each licensed user may install and use the software on any number of devices to design, develop, test, and demonstrate their programs. Visual Studio subscriptions also allow the licensed user to evaluate the software and to simulate customer environments to diagnose issues related to your programs. Importantly, each additional person who uses the software in this way must also have a license.
You'll also need to consider the environments in which Visual Studio can run, as although the licensed user can install multiple versions on multiple devices, it cannot be used in a production environment or environments that constitute production environments such as:
  • Environments that connect to a production database
  • Environments that support disaster-recovery or backup for a production environment
  • Environments that are used for production at least some of the time, such a server that is rotated into production during peak periods of activity. 
So keeping in mind these two base conditions - ie. everyone who uses the software (with some exceptions such as acceptance tests) must have a license, and use is limited to certain environments - review the paper for guidance specific to your situation and ensure you are compliant, as remedial costs attached to any breach can be very (and that is Very) costly.
0 Comments

Changes to IBMs PA Agreement

16/3/2023

0 Comments

 

Why. So. Serious ??

Changes announced under revision 11 to the Passport Advantage® Agreement (IPAA) and Passport Advantage Express Agreement (IPAEA) are likely to prove onerous to all.
Picture
Tucked away (as usual) outside the summary of updates is clause 4.1 - License Verification and to a lesser extent 10.2 - Client's Reporting Responsibilities (applicable to sub-capacity licensing), which compound compliance and reporting obligations - lets take a look.
Firstly, clause 4.1.(a) states the "Client will, for all Programs at all Sites and for all environments, create, retain, and each year provide to IBM upon request with 30 days' advance notice: i) a report of deployed Programs, in a format requested by IBM, using records, system tools output, and other system information; and ii) supporting documentation (collectively, Deployment Data)". Unlike version 10 of the PA Agreement (November 2017) which contained a much more lenient requirement that "Client agrees to create, retain, and provide to IBM and its auditors accurate written records, system tool outputs, and other system information" which would occur simply "on reasonable notice" rather than a regular, annual basis.
Adding to this, where running under sub-capacity licensing as before you are then required to "properly install, run, and maintain the most current version of the applicable license reporting tool within 90 days of Client's first deployment and produce a report. Unless IBM approves a different reporting tool, the Client agrees to the following tools.
  • Sub-Capacity Products -Client will use the IBM License Metric Tool (ILMT) and to subscribe to the ILMT support notifications at http://www.ibm.com/support/mynotifications and promptly install any updates.
  • Container Products – Client will use the IBM License Service tool and Client is responsible t to correctly configure according to the Eligible Container Product's documentation"​
Ok, no real change there and easy enough right? Well yes, you're still required to run and keep reports at minimum quarterly and retain for a two year rolling period - and remember to have an individual(s) who is assigned the "authority to manage and promptly resolve questions on reports or inconsistencies between report contents, license entitlement, and the applicable license reporting tool". Better check that's been added to the appropriate JD's along the way.  The new clause 10.2.(e), is somewhat favorable to the client in that it provides an avenue to address (with IBMs consent) deviations from the sub-capacity model, which in most cases would probably result from  operating systems becoming non-eligible over time.
What we (and others) have always attested to though is being solely reliant on one reporting tool, like ILMT, can prove very problematic in that where improperly configured you could easily be over-reporting and paying much more than you should - having an independent product (like ComplianceWare) is often the best - or only - way to reconcile outputs and ensure accuracy.

so ... when does all this start?

Well, basically now:
  • from 1 February 2023 for new IPAA Client enrollments and new IPAEA transactions; and
  • from 1 May 2023 for current IPAA Clients notified on 1 February 2023 of the new terms which will be effective for them on 1 May 2023 per the terms of IPAA. 
0 Comments

The Oracle Java Precept

23/2/2023

0 Comments

 
Picture

New Java pricing model ...
​... new cost.

Oracle have announced (January 2023) a new pricing model for its Oracle Java SE Universal Subscription offering that is based on the number of employees rather than the prior per user or per processor metrics, and that could prove costly to many customers - firstly, lets look at the Employee definition:
Employee for Java SE Universal Subscription: is defined as (i) all of Your full-time, part-time, temporary employees, and (ii) all of the full-time employees, part-time employees and temporary employees of Your agents, contractors, outsourcers, and consultants that support Your internal business operations. The quantity of the licenses required is determined by the number of Employees and not just the actual number of employees that use the Programs. For these Java SE Universal Subscription licenses, the licensed quantity purchased must, at a minimum, be equal to the number of Employees as of the effective date of Your order. Under this Employee metric for Java SE Universal Subscription Programs(s), You may only install and/or run the Java SE Universal Subscription Program(s) on up to 50,000 Processors, If Your use exceeds 50,000 Processors, exclusive of Processors installed and/or running on desktop and laptop computers, You must obtain an additional license from Oracle. 
Key points - Count all employees, not just users, and this includes those outside the organization that support your internal business operations! How many individuals might that definition capture in a large enterprise, if you can indeed identify and track them accurately at all !! Then you're facing a tiered per user monthly subscription cost (that reduces based on higher volumes, phew) that would see a shop of 500 Employees facing $7,500 per month in subs!

So what are my Java options ...

  • Oracle Open JDK is free, but you'll have to upgrade every six months to stay current (including with security patches) - note though, as Open Source there are other JDK options from other vendors that offer further support.
  • Oracle JDK has Long Term Support (LTS), ie. fully supported by Oracle with quarterly updates and a 2 year LTS release cycle, free for development etc, but you'll likely have to pay for use in production (refer below).
So lets look at the licensing currently available for Oracle Java SE releases​:
  • Oracle OpenJDK releases are under the open source GNU General Public License v2, with the Classpath Exception (GPLv2+CPE) (available since Java 9).
  • Oracle JDK 17 (the 'Program') and later is available under the Oracle No-Fee Terms and Conditions License which permits free use inclduing for your own business operations, however, if you distribute software You must not charge Your licensees any fees associated with such distribution or use of the Program, including, without limitation, fees for products that include or are bundled with a copy of the Program or for services that involve the use of the distributed Program.
  • Oracle JDK 11, Oracle JDK Java 8, and Oracle JRE with Java Web Start in Java 8, are available to Oracle Customers via My Oracle Support and also under the OTN License Agreement for Java SE. This OTN license permits personal use, development, testing, prototyping, demonstrating and some other limited uses at no cost.
  • Oracle JDK 7 releases are available on My Oracle Support for Oracle Customers only.

And how do the LTS and non-LTS releases co-exist?

For product releases after Java SE 8, Oracle will designate only certain releases as Long-Term-Support (LTS) releases. Java SE 7, 8, 11 and 17 are LTS releases. Oracle intends to make future LTS releases every two years meaning the next planned LTS release is Java 21 in September 2023. For the purposes of Oracle Premier Support, non-LTS releases are considered a cumulative set of implementation enhancements of the most recent LTS release. Once a new feature release is made available, any previous non-LTS release will be considered superseded. For example, Java SE 9 was a non-LTS release and immediately superseded by Java SE 10 (also non-LTS), Java SE 10 in turn is immediately superseded by Java SE 11. Java SE 11 however is an LTS release, and therefore Oracle Customers will receive Oracle Premier Support and periodic update releases, even though Java SE 12 was released.
Picture
This fundamentally raises some questions and no doubt financial concerns for many, so if you haven't done so already make sure you're across your Java landscape and can quantify not only future costs, but future efforts, and make the right decisions for how you want to continue with your Java developments and solutions.
0 Comments

IBM launches New License Information Site

26/10/2022

0 Comments

 
Picture

A slick new consolidated (and overdue) look for all IBM terms from one convenient site.

The site contains IBM's standard terms, you can access and view online. Below is a summary list of the standard terms hosted on the site:
  • IBM Client Relationship Agreement (CRA) is the single agreement used to procure most IBM offerings.
  • The CRA family of agreements provide Clients with the flexibility to acquire a specific set of offerings with only the terms necessary to support the acquisition of those offerings. The CRA family of agreements, includes but is not limited to, the Cloud Services Agreement (CSA) and the CRA – Services.
  • Attachments to the CRA family of agreements. When a Client uses one of the CRA family of agreements for a prior transaction involving only a specific offering and chooses, at a later time, to expand the terms of their CRA family of Agreement to include other offerings, they may do so by adding an attachment containing those supplemental terms when desired.
  • IBM Data Processing Addendum (DPA) and Statement of Limited Warranty (SoLW) and other standards required to meet specific regulatory, legal and offering specific requirements.
Use the filter function to view specific content by selecting the applicable category, country and language.
Picture
The Software license terms (all post May 1999) are searchable via the 'Licensing & Compliance' filter category, by time frame or license information (Program name/number, document form/part number, License Information (LI) number or License Information (LI) title):
Picture
The (incremental) search then returns a tabular list of qualifying documents (this example for Message Broker):
Picture
Which on selection provides the License Information detail in the familiar (and traditional!) format:
Picture
So nothing new or revolutionary on that front, however the ease of use and in particular the layout, share, download, and notification options provide all of the basic /requisite features you'll need - all in all, a welcome step forward from the IBM licensing team!
0 Comments

Broadcom's VMware Acquisition ...

27/5/2022

0 Comments

 

A 'rapid move to subscription licensing' is telegraphed by Broadcom to expedite returns.

Picture
It was only December when we wrote about 2022 potentially being the 'beginning of the end for perpetual licensing', and with Broadcom's announced acquisition of VMware we are surely seeing the telling signs. 
The transaction is expected to add approximately $8.5 billion of pro forma EBITDA from the acquisition within three years post-closing, which, as reported by the Register, is a significant undertaking given VMware currently produces about $4.7 billion. Their strategy to accomplish this? According to Tom Krause, president of the Broadcom Software Group, who stated on a Broadcom earnings call that they would embark on a “rapid transition from perpetual licenses to subscriptions.”

and that can only mean one thing ...

... higher costs to the customer. 

Of course, there will be the usual designs on new customers etc, but fundamental growth can surely only come from the existing client base. The formula no doubt has been carefully crafted, planned for the coming months and years, and be executed slowly and purposefully renewal by renewal.
As we know with any push to a subscription model the initial proposition will be quite compelling - savings on the spot! Existing investments in perpetual licenses will be recognised and applied! No wastage - pay only for what you use! No downside at all - wait hold on - you're adding consumption? That'll be at a different rate - its new workload after all. And the next renewal - well we've had to add some research and development investment there, as well as account for our additional operational costs, so yes, admittedly quite a jump there.
However with CIO's and CTO's promoting the relentless move to cloud and subscription based platforms for the short term ROI, it'll be awhile before those 'would it be more cost effective to run this stuff in-house' questions emerge in the boardroom, and by then, the changes will be irreversible and well ... just too late.
So we will watch with interest what else might develop over the year in this space, be it via M&A or just plain changes in vendor offerings and models. What does seem to be more and more clear though - perpetual licenses are indeed an endangered species.
0 Comments

Microsoft Drops SA Support Benefit

15/4/2022

0 Comments

 

As of 1st February 2023 the SA 24x7 Problem Resolution Support benefit is being ... 'retired'

In an update to the changes announced in 2019 Microsoft will no longer offer any support outside of paid support.
Picture
Original plans had customers entitled to a 24 hour support response time when their Software Assurance spend was more than $250,000 USD - as of next year though, you'll need a Support Contract.
That means either a Unified Support arrangement across your enterprise, or the uptake of pay-per-incident support (also available as a 5-pack option that expire within a 12 month period), which doesn't seem a particularly attractive proposition to smaller organisations. If you do have a Unified Support Contract you can transfer any current Software Assurance 24x7 Problem Resolution Support incidents before February 1, 2023.
And the costs - well Unified Support is customised based on the actual spend, where pay-per-incident is published at Professional Support For Single Incident – $499 USD for 1 user. Professional Support For Five Pack Annual – $1,999 USD for 1 User.
So you might need to revisit those 2023 forecasts just to make sure you've covered any additional costs you might incur - or maybe challenge Microsoft to their commitment that "Our goal is to ensure every customer gets comparable support services at a comparable price, despite the benefit retirement." !
0 Comments

Vendors Performing Your System Installs?

26/3/2022

0 Comments

 

A caution when relying on vendors to deliver projects with software installs.

Picture
Many projects require the expertise of vendors to install, configure and productionize their software and systems, however as the client and end-consumer you need to be aware of what exactly is making its way into your environments.
All too often following discovery we'll find unaccounted for vendor software, which typically after an onerous investigation is found to be remnants from the vendor-led project, anything from desktop clients to entire VM's, each of which can have dire compliance implications and cost.
But "hold-on - we didn't install it - the vendor did" is the common response, however a quick pointer to the relevant contracts will soon expose that this does not offer any defense - the customer is always responsible for compliance, even if it is the very vendors software in question.
At a more concerning level is when a vendor installs another vendors software - while this is not uncommon with the extent of partnerships and interoperability in the modern industry, it still needs to be clearly and formally covered, ideally contractually or by reference to the vendors right to distribute and use any IP they don't own. These artefacts need to be registered and retained in the event of an audit that questions your usage rights - in the worst case scenario  if the vendor has breached another parties IP rights you too could end up subject to an infringement claim, and that's no place you want to be.

So, while the vendor might be responsible for the project, you'll still be accountable for the end product.

That means ensuring your project team stays across all vendor activities - enforce your BAU practices and protocols for distributing and installing software - in all environments - for traceability and tracking purposes. The project shutdown then needs to include a close-out phase where what's been installed (anywhere) is reconciled to what you've acquired, and also what you're actually entitled to use (aka Read The Contract). Where there are gaps you'll need to either recalibrate, purchase, decommission, or have the vendor explain and resolve - all before the project can be declared finished and complete.
And never rely on the vendor's personal emails or assurances that 'all is well' - none of that will hold-up under audit (even if they are still there). When it comes to IP all bases need to be formally covered, and if that's proving to be a problem, well you might want to be even more wary.
0 Comments

Adobe Reader Distribution Rights

10/1/2022

0 Comments

 

Does your company distribute Adobe Reader to employees? ... if so, make sure you have a valid Distribution License.

Picture
Many companies are unaware of their obligations when they distribute Adobe Reader software within their organisation, that is ...
 ... even though it's free it still needs a license arrangement with Adobe.
Now it's not as onerous as it sounds - it can all be done online, so lets look at some of the detail.

When do I need it?

A Distribution License Agreement is required for:

  • ​Corporations and organisations that want to distribute Acrobat Reader or the Acrobat Reader mobile app on a company intranet site or local network.
  • Commercial vendors that want to bundle Acrobat Reader or the Acrobat Reader mobile app on physical media such as a CD or DVD, on OEM hardware such as computers and mobile devices or with OEM hardware such as scanners.
Individuals interested in the software for personal use can download it free without applying for a Distribution License.
​

Note: You do not need to apply for a Reader Distribution License if you prefer to direct users from your website to Adobe.com to download Reader.

What does the Agreement allow me to do?

You will be authorised to:
  • Distribute the current version of Adobe Reader within your organisation, for internal use only, from ​a copy of the software installed on a file server for the purpose of downloading and installation to computers within your internal network.
  • Distribute the software on a standalone basis on physical media including a hard drive.

What are the key restrictions?

You must:
  1. Only distribute the version of Adobe Reader stated in your confirmation email.
  2. install only one copy of the software on a file server for the purpose of allowing use via NFS, Citrix or other virtualisation technologies.
  3. Within 6 months of the release of a major new version by Adobe, cease distributing the current version and move distribution to the new version.
  4.  Not configure or distribute the software for use without installation, other than as provided for under (2) above.

Ok, got it ... what do I do now?

You'll need to apply for a desktop license which will take just a few minutes and is required to determine how you intend to use Reader. After you complete the short online form, you'll receive an email with a link to the installers. You'll also need to mark a renewal date 12 months from receipt to reapply - the agreement is only valid for one year.
0 Comments

The Burden of Proof ...

28/10/2021

0 Comments

 
Picture

Ensuring you have
complete records of
purchase is an often
​overlooked SAM essential.

In the absence of strict procurement practices and robust record keeping its all to common to see organisations struggling to retrieve their records of purchase backing-up their claim to entitlements. In fact how often do we hear "yeah we've got 20 licenses for that - they're listed on Dave's spreadsheet".
Now lets be clear - the fact that it's on Dave's, or Susan's or anyone's spreadsheet does not constitute evidential fact. For that, you'll need the Proof of Entitlement if issued by the vendor, or the (signed) Contract containing the license grant, or the Order issued under it for the products in question. At a minimum if those are lost in the tracks of time (no doubt residing only in someone's email who has long departed the employ of the company), you'll need the latest invoice that shows the products and quantities that were covered by the last payment (ie. either actual purchase or renewal).
Again, its all too common that it's not until an audit that organisations are forced to scramble through the purchasing, legal, IT et al records looking for some artefact to substantiate the otherwise baseless right of use claim for the vast overage of licenses that have been deployed! This trek down memory lane can be the most time consuming - and often fruitless - use of specialized resources, the cost of which is not generally recognized by management and similarly overlooked in the justification of a dedicated SAM function.
So what's the alternative? Quite simply a process that ensures those essential records are properly recorded in an organized and readily accessible system, and are kept current through routine and ongoing ownership - once established this is not as much of an overhead as it might seem, and having all of that data at hand when challenged by a vendor can go a long way in underlining your disciplined approach and credibility in such a way that you'll be last on the next audit round list, if in fact on their radar at all.
Now this will no doubt rally those skeptics with their "wait - I just call my reseller and say give me a list of what we own" approach, and while this might offer some solace it doesn't necessarily constitute proof in the same way that last document of fact - the invoice - does. How's that? Well for one example think of step-up licenses that will be printed there for all to see, but what about the original license it is based on (and worse, what if that original license is actually still in use!), or those 'from-SA' uplifts that require unravelling potentially years of purchase history to properly determine entitlement. All best avoided by having a routine practice supported by a specialized system in the first place ... 
... and for that, you might want to check out:
Picture
0 Comments

The End of Termination for Convenience

21/11/2020

0 Comments

 




​Are revised accounting rules just being used to deprive clients of termination rights...

... or is there more to it?

Picture
If it seems that your vendors are unwilling (they'll say unable) to accept a termination for convenience clause these days, you're not alone. Often this will be justified by citing their companies accounting rules and practices aligned to the 2014 revenue recognition changes post Enron where they'll refer as below:
  • if an agreement (i) provides for termination for convenience and can be terminated at any time, and (ii) the supplier is not entitled to any compensation or the termination charges are insignificant, then the supplier is not permitted to recognise the contract revenue for the full contract term (technically they can only recognise revenue for the termination notice period e.g. 30/60/90 days).
What they don't refer to is the fact that where termination charges are provided full contract revenue can be recognised:
  • If an agreement (i) provides for termination for convenience and can be terminated at any time, and (ii) the supplier would be entitled to “substantive” termination charges, then the parties’ rights and obligations are regarded to support and extend for the stated contract term and the supplier is permitted to recognise the contract revenue for the full contract term.
Of course the "substantive" qualification is the issue - just how substantive should it be?
Well there are no firm guidelines in that respect, other than simply compensating a supplier for services or deliverables provided up to the effective date of (early) termination will not be regarded as substantive. Guidelines only advise that "judgment has to be applied with consideration given to quantitative and qualitative factors". Government contracts typically require a termination for convenience clause and will  state (in part) something similar to the below:
  • any reasonable costs incurred by the Contractor that are directly attributable to the termination;
thus (1) putting the onus of quantifying the charges on the supplier, and (2) vanquishing their argument for full revenue recognition.
Having negotiated the termination for convenience clause we're now comfortable that all is good right? Well no, there are further issues to contend with. If (and thats a big 'if') the matter gets to court there would likely be consideration as to whether the contract was 'illusionary' based on the very right to terminate at will, or that the termination was not enacted in 'good faith', or even as far as not following the termination right explicitly which opens the door to damages!
So what other options are there? Well that of course depends on what exactly is being contracted, but consider the following:
  1. With a product or application allow a timeframe for a 'proof of concept' or 'fit for purpose' test on what's being acquired - if it doesn't meet your (stated) criteria allow for graceful termination before the contract really gets started;
  2. While it can prove difficult associate the commencement of the contract with the 'productionisation' of the product or application;
  3. Break the contract into "+" terms, eg. a 1 year followed by a 2 year commitment or similar to allow for non-renewal;
  4. With consumption based models ensure there is a vary down option whereby you are able to reduce your usage to zero and pay only nominal costs through to expiry;
  5. Ensure there is always a termination for cause provision that enables cancellation where the product or application does not meet its stated capability or function;
  6. Similarly, with service based contracts ensure there is always termination for non-performance based on a level of (generally repeat) failure that degrades the service to an unacceptable level.
Key to all of the above is explicit language that clearly defines the criteria by which the clauses can be invoked - when things break down to termination your vendor will not be overly receptive to subjective positions, ambiguities, or plain old opposing points of view.
And while the lawyers are endlessly debating the virtues of limitations of liability and insurances and everything else basically immaterial just ask yourself when you actually last went to court, and then ask what typically goes wrong with your contracts - invariably its performance based and for that, you just need an appropriate provision for ...

... a hasty, unequivocal exit, at the lowest possible cost!

0 Comments

Oracle Support Policy

31/8/2020

1 Comment

 

Thinking to drop some Oracle product from maintenance to save some funds?

... think again.

You'd of course think that dropping product from your annual maintenance renewals would be treated as a simple removal of the line item and its associated cost - why wouldn't it be - you're keeping those remaining as-is so what's the problem?

The ​Oracle Software Technical Support Policies ...

... thats the problem.

Or more specifically, the "​Pricing following Reduction of Licenses or Support Level" section (page 4).
Picture
Now this gem of a policy states: In the event that a subset of licenses on a single order is terminated or if the level of support is reduced, support for the remaining licenses on that license order will be priced at Oracle's list price for support in effect at the time of termination or reduction minus the applicable standard discount. ​
Wait? ... What?? 
Yep, just because you were so brash as to drop maintenance on product you no longer needed, whatever you're retaining on that order is going to be repriced - and by reprice they of course don't mean down!
Oh but the good news is in the next sentence: Such support price will not exceed the previous support fees paid for both the remaining licenses and the licenses being terminated or unsupported, and will not be reduced below the previous support fees paid for the licenses continuing to be supported.
So rest assured loyal Oracle customer - any repricing will not exceed what you were already paying, it'll just match it. So those dollar savings that you put forward saying 'we're gonna drop product x, y, and z from the next renewal and save bucket-loads' is probably the opposite - depending on whats left you might end up paying exactly what you were before!
Now where (or more correctly with who) did ​those pesky money bags end up again??
Picture
1 Comment

Licensing DR Environments

30/5/2020

0 Comments

 

Vendor DR licensing requirements can be vague ...

... here's some insight into a select few with differing views and terms across their infrastructure software.

Picture

Picture
Oracle's approach is pretty easy to sum up - you pay for everything because ...
​it's installed!
Refer the extract below from the Oracle paper 'Licensing Data Recovery Environments':
Picture
Data Recovery Environments using Copying, Synchronizing or Mirroring Standby and Remote Mirroring are commonly used terms to describe these methods of deploying Data Recovery environments. In these Data Recovery deployments, the data, and optionally the Oracle binaries, are copied to another storage device. In these Data Recovery deployments all Oracle programs that are installed and/or running must be licensed per standard policies documented in the Oracle Licensing and Services Agreement (OLSA). This includes installing Oracle programs on the DR server(s) to test the DR scenario. Licensing metrics and program options on Production and Data Recovery/Secondary servers must match.

Picture
Some recent changes to SA Benefits have extended DR for SQL Server ...
... but you still need Software Assurance to take advantage of DR Rights 
Picture
Servers – Disaster Recovery Rights: For each Instance of eligible server software Customer runs in a Physical OSE or Virtual OSE on a Licensed Server, it may temporarily run a backup Instance in a Physical OSE or Virtual OSE on either, another one of its Servers dedicated to disaster recovery, or, for Instances of eligible software other than Windows Server, on Microsoft Azure Services, provided the backup Instance is managed by Azure Site Recovery to Azure. The License Terms for the software and limitations apply to Customer’s use of the backup Instance. 

Picture
You might think the friendly types at VMware would be lenient when it comes to DR ...
... thats not the case.
If its installed, it needs a license.
Picture
If its not specifically called out in the VMware Product Guide it will need licensing, and that means everything other than Continuent and vRelaise for Log Insight. Surprisingly, VMware deem an install to be 'use' of the software - yep - just binaries sitting on a disk.

Picture
With RHEL its nice and simple ...
... if its deemed COLD 
But it can't update until its run.
Picture
RHEL ​Linux Subscription Guide: Cold backups: The server has software installed and configured, but it is turned off until the disaster occurs or for periodic disaster recovery procedure tests. For Red Hat Enterprise Linux, this means that the customer is allowed to preload the bits as a courtesy. However, Red Hat Content Delivery Network cannot be used to update the system until the disaster happens. Then, the paid subscription on the failed machine transfers to the cold backup sever. In this case, a customer does not need two subscriptions. The customer will consume only one subscription at any point in time. Red Hat will allow the customer to pre-provision the software bits onto the cold backup machine as a courtesy. If a customer is found to be running more units of Red Hat Enterprise Linux than the customer has subscribed for because the customer has found a use for these pre-provisioned servers other than this cold backup use case, the customer is obligated to pay Red Hat. 

Picture
IBM's DR Policy has not changed since 2003 ...
... ​ for PA products Cold & Warm DR is no-charge
But don't run any 'Productive' work.
Picture
Backup Use Defined: For programs running or resident on backup machines, IBM defines 3 types of situations: “cold”; “warm”; and “hot”. In the “cold” and “warm” situations, a separate license for the backup copy is normally not required, no additional charge applies, and IBM does not need to be notified. In a “hot” backup situation, the customer needs to acquire another license. All programs running in backup mode must be under the customer’s control, even if running at another enterprise’s location. 
0 Comments

Microsofts New Licensing Terms Site

16/6/2019

0 Comments

 

A New And WeLcome Direction in Consolidated, Direct, Licensing Information

Microsoft announced the 1st June 2019 as the date at which the new 'Licensing Terms Site' will replace the current downloadable document versions of the Product Terms (PT) and Online Service Terms (OST) (although at date of this publication it is still stating "under construction and for preview use only.")
Not only ​is this intended to consolidate the myriad of licensing documents and material rife across Microsoft sites, but according to the FAQ (available here) will also ease navigation through filters available by program and product, and also introduce a new 'compared-to' function which allows users to compare changes (albeit post 1st June 2019) to 'current' use rights going forward - a useful utility!
So what does it look like? - the landing screen as below (see it for yourself here):
Picture
A quick test run found the site easily navigable, presenting targeted information based on your selection in the familiar format of the Product Terms structure. Of course it can't solve the 'knowledge complexity' invariably attached to licensing - you basically still need to know what you are looking for, and then be able to apply what you find to your own situation.
A quick delve into the SQL Server section highlights the information then available by edition:
Picture
All in all though a timely advance in the overall licensing landscape that would be welcomed across other vendors with similarly broad and complex license terms and models, which makes us wonder ...
 ... is it too much to hope for a cross-industry standard? 
0 Comments

So That's Sourcing ... THEN What's Procurement?

10/10/2017

0 Comments

 
You've been there right ... in a meeting, time for the mandatory introductions, and the chair says "now from Procurement we have ..." 
... so you shake your head (not visibly) and dutifully introduce yourself, thinking
"They still have no idea!"
So lets get a few things straight. Sourcing isn't Procurement. Sourcing ultimately involves Procurement, but other than that, it's quite different. And while we're on the subject, what's with 'Category Management?'      Really??
... to our thinking, 'Category Management' is just an unnecessary classification - sure - we work in categories, be it IT, Marketing, Stationary, Travel ... whatever, but it's the Sourcing label that defines the function.
Well then, if it is different, what is Sourcing ?
Sourcing, fundamentally is a discipline (much like, and in fact premised on, Project Management) - it has methodology, it has process, it has discipline, and it has rigour (for example, CIPSA). Not that Procurement doesn't - but Procurement ultimately follows the framework that Sourcing puts in place. Rather than straight 'buying' a good Sourcing practitioner will firstly work closely with the business to ensure there is an understanding (and proper framing and presentation) of requirements, development of a Market Strategy (who to approach, and how it should be constructed - RFI, RFP, RQT ...) , all backed up by a practice of relevant and credible assessment and evaluation (and that means no less than an objective, defensible process qualified by accurate data and irrefutable artefacts), followed by the subsequent qualification of supply (being full and complete due-diligence), with expert negotiation and  agreement of (favourable!) contractual terms, plus induction of this new supply (and if you're a regulated institution, don't forget your obligations here - your license could be at stake).
So where is Procurement in all of this? Procurement then steps in to make sure the ongoing acquisition of  contracted products or services occurs within the  framework of the Sourcing arrangements that have been put in place, tracking the metrics, monitoring the costs, measuring delivery - keeping the Supplier to their commitments.
But let's hear from the practitioners out there - all you Sourcing and Procurement people doing the job day in / day out - where would you classify your role, what differentiates your function, how might  you describe what you do?
We're keen to hear your view - share your thoughts ...
0 Comments

Indirect access. In Danger?

10/5/2017

0 Comments

 
It's there in the agreement, you can bet on it. Indirect Access. Whether it's disguised as 'qualified users, or 'devices', or perhaps 'multiplexing', it's prohibited. And that means you need to be sure that the access you're providing to your licensed systems is correct and compliant.

​The simple way to think about it is that if it's related to a proprietary system, or sourced from a proprietary system, any access must be properly authorised. And that means properly licensed. So whether it's via an API, an interface, or extracts, you need to ensure that you're compliant with the terms of your agreement - to not be can prove very problematic, and potentially very costly.

​Take the recent finding (Feb 2017) in favour of SAP UK over DIAGEO Great Britain which you can view at
http://www.bailii.org/ew/cases/EWHC/TCC/2017/189.html in a remarkably readable form for a crown judgement. The core of the matter was the "Named User" metric by which DIAGEO licensed its SAP installation, and the development and use of functionality within Salesforce (known as Gen2 or Connect) that enabled DIAGEO customers and distributors to places orders, check stock availability and prices, see invoices and select delivery. Through various interfaces back to SAP, Connect provided the necessary data, lists, and workflow to those end customers and distributors 24x7 negating the need for a call centre to receive and process requests. Despite DIAGEO asserting that the use of Connect by customers was essentially no different to when they contacted and were processed through the call centre, the judge saw otherwise and ruled that such access constituted use of the SAP system.

​The implications are yet to be seen, however in summary the damages were considered by the judge as below:
​​​
"In summary, usage by Gen2 sales representatives is not authorised usage under the Agreement. SAP is entitled to additional licence and maintenance fees, the level of such fees to be assessed in the quantum phase of the trial, if not agreed, by reference to the nature and extent of the usage and SAP's price list."
So, should we be concerned? Absolutely. If you're unsure of the your license grants or metrics, the terms of your agreements, or the compliance of any periphery/accessing systems, you need to take stock and run a full assessment exercise across your domain.

​To be unaware is to be in danger.
0 Comments
    • ​+
    • +
    • +
    <
    >

    Categories

    All
    Adobe
    Agreements
    Appliances
    Audit
    BCP & DR
    Cloud
    Compliance
    ComplianceWare
    Contracts
    Forums
    HCL
    IBM
    Intel
    ITAM
    Licensing
    Mainframe
    Marketplace
    Microsoft
    Negotiating Deals
    Open Source
    Oracle
    Partnering
    Red Hat
    Roles
    SAM
    Software Metrics
    SQL Server
    Support
    Windows Server

    Archives

    November 2023
    October 2023
    September 2023
    August 2023
    July 2023
    June 2023
    May 2023
    April 2023
    March 2023
    February 2023
    January 2023
    December 2022
    November 2022
    October 2022
    September 2022
    August 2022
    July 2022
    June 2022
    May 2022
    April 2022
    March 2022
    February 2022
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    November 2016
    October 2016
    September 2016

Unravelling license complexity for Business
ACN 623 529 751

Privacy Policy | Terms of Use
Copyright © 2016-2024 (SWC) ​​

  • Home
  • What We Do
    • Services
    • Tools
    • Experience
    • FAQ
  • Resources
    • Company >
      • About Us
      • Careers
    • Agreements
    • Documentation >
      • Brochure
      • Datasheet
      • Security Measures
      • ComplianceWare >
        • Software
        • Hardware
        • Cloud Configuration
  • Contact Us
  • Latest
  • Search