The Software Landscape is now ripe for vendors to lock-in Subscriptions and eliminate what (to them) are much loathed Perpetual Licenses ...
So what could be done to solve their predicament - enter Subscription Software!
So make sure your cloud strategy includes a proper evaluation of licensing - ask where will I end-up following that journey from a commercial perspective?
Everyone will say 'Better-off' ...
but you might find in the long term that's not necessarily the case.
The Software Freedom Conservancy sues Vizio, Inc. for alleged violations of the GNU GPL covering software incorporated into certain Vizio smart TVs.
An early and widely publicised example of the impacts of such non-compliance was the 2008 lawsuit initiated by the Free Software Foundation (FSF) against Cisco Systems that alleged several of Cisco's consumer network routers used GPL licensed code. The litigation was settled with Cisco releasing the source code, making a contribution to the FSF, and appointing a compliance officer. Quite the kicker.
In this latest action SFC asserts that all consumers of copyleft code deserve the opportunity to know, access and modify the code on their devices and is seeking the release of the complete, corresponding source (CCS) for all GPL’d components on Vizio TVs. The benefit? Well much as it was with the older analogue hardware TV's that would be repaired by technicians, coders would have the option to repair the software when the supplier potentially stops support for their older models (surely not from 'built-in obsolescence'?)
And lets not forget the ethics involved given the FOSS history and the principles that underpin it. From its fruition in the 1990s and early 2000s when Linux and other GPL’d software was considered nothing more than experimental. From those curious beginnings grew the community of enthusiastic developers whose software has benefited and furthered the rights and freedoms of individual users, consumers, and developers around the globe. It is a culture worth preserving and that means keeping organisations who benefit from that culture honest. (SFC refers to this as 'Ethical Technology' meaning technology that serves its users rather than the corporations who profit from it and preserves and promotes the rights of those impacted by it).
So if you are an organisation using open-source software, and in particular, incorporating it in proprietary commercial products, make sure you understand your compliance obligations with the relevant open source licenses. If you don't, you might soon find that letter arrives requiring you to release all of the IP you've built on top of the most excellent Free and Open Source Software that we all benefit from.
The Software Freedom Conservancy is a 501(c)(3) nonprofit organization that is supported largely by individuals who care about technology and advocates for software that has been designed to be shared (using copyright licensing that allows users to freely use and repair it, and, in particular, forms of software licensing that use the restrictions of copyright to promote sharing called “copyleft”, such as the GPL).
In the absence of strict procurement practices and robust record keeping its all to common to see organisations struggling to retrieve their records of purchase backing-up their claim to entitlements. In fact how often do we hear "yeah we've got 20 licenses for that - they're listed on Dave's spreadsheet".
Now lets be clear - the fact that it's on Dave's, or Susan's or anyone's spreadsheet does not constitute evidential fact. For that, you'll need the Proof of Entitlement if issued by the vendor, or the (signed) Contract containing the license grant, or the Order issued under it for the products in question. At a minimum if those are lost in the tracks of time (no doubt residing only in someone's email who has long departed the employ of the company), you'll need the latest invoice that shows the products and quantities that were covered by the last payment (ie. either actual purchase or renewal).
Again, its all too common that it's not until an audit that organisations are forced to scramble through the purchasing, legal, IT et al records looking for some artefact to substantiate the otherwise baseless right of use claim for the vast overage of licenses that have been deployed! This trek down memory lane can be the most time consuming - and often fruitless - use of specialized resources, the cost of which is not generally recognized by management and similarly overlooked in the justification of a dedicated SAM function.
So what's the alternative? Quite simply a process that ensures those essential records are properly recorded in an organized and readily accessible system, and are kept current through routine and ongoing ownership - once established this is not as much of an overhead as it might seem, and having all of that data at hand when challenged by a vendor can go a long way in underlining your disciplined approach and credibility in such a way that you'll be last on the next audit round list, if in fact on their radar at all.
Now this will no doubt rally those skeptics with their "wait - I just call my reseller and say give me a list of what we own" approach, and while this might offer some solace it doesn't necessarily constitute proof in the same way that last document of fact - the invoice - does. How's that? Well for one example think of step-up licenses that will be printed there for all to see, but what about the original license it is based on (and worse, what if that original license is actually still in use!), or those 'from-SA' uplifts that require unravelling potentially years of purchase history to properly determine entitlement. All best avoided by having a routine practice supported by a specialized system in the first place ...
As of 1st March 2022 all plans will increase anywhere from 8.5% to 20%
Stating that it is the "first substantive pricing update" since its launch in 2011 Microsoft have announced uplifts to all of its Office 365 plans early next year, citing the addition of 24 apps to the suites —Microsoft Teams, Power Apps, Power BI, Power Automate, Stream, Planner, Visio, OneDrive, Yammer, and Whiteboard — and the release of over 1,400 new features and capabilities in the three key areas of Communication and collaboration, Security and compliance, and AI and automation as justification for the rise.
As a sweetener they have also added unlimited dial-in capabilities for Microsoft Teams meetings across the enterprise, business, frontline, and government suites over the next few months, currently only available under the E5 plans. This will allow users to access Microsoft Teams meeting from virtually any device regardless of location when unable to access an internet connection.
So what are the prices changes?
Per User charges as of 1st March 2022 will be as follows:
So biggest increases to the lower cost plans, with the popular O365 E5 attracting the smallest hike. The increases will apply globally with local market adjustments for certain regions, and there are no changes to pricing for education and consumer products at this time.
With Microsoft Teams being industries tool of choice lately the rise is unlikely to cause much of a stir in the marketplace, however worth leveraging your enterprise agreements and overall spend to get the best discounts available — larger orgainsations could be up for a hefty and no doubt unexpected budget blowout if they're unlucky enough to be renewing next year!
In this second part of our SAM Foundation series we look at Compliance Reporting and the importance of understanding your deployment position.
In part one of this series we covered the importance of a full data collection across your data sources and contract and licensing information, now we look at how to bring that together into a compliance position.
The first realisation is - wow! - that's a lot of data we have out there! So just as we needed tooling to perform the data gathering exercise we are going to need analytics to decipher not only what's important but how to interpret it all, for which there are two aspects:
Now what exactly do we mean by 'Scale Reporting'? Basically this means a reporting facility that enables you to stipulate variable parameters from product to vendor to company, with the output organised by device in a concise and easily readable form - for example ComplianceWare's powerful python & pandas based analytics engine that slices and organises the data into output as a familiar Excel workbook.
A snapshot of the output as below:
The analytics should also consider base licensing metrics such as server core and PVU minimums, apply relevant bundling rules to avoid double counting, and recognise non-chargeable installations such as clients and free-edition software.
So we now have our first view of what's deployed where - and that's a good start, but it doesn't mean the jobs done. You'll want to perform some spot / sanity checks across the report, and that's where the 'Direct Examination and Querying' comes in. Here, your tool should allow you to easily interrogate your data collection (which can span many millions of rows) for further review and confirmation, and that's accomplished via smart features that enable you to slice, limit and target the fields and items of interest. Again, with ComplianceWare as an example you can easily navigate through the data by vendor, product, data source, and perform smart searches with inclusion and exclusion parameters to dynamically find exactly what you are after.
ok ... we're happy with our deployment report - now what?
Now it gets interesting - does what's reported as deployed match what we're actually entitled to? While some products can be automatically tallied (eg. products with simple install or device metrics) others will require more effort such as resource based metrics like cores or logical licenses such as users, and those in more complex environments such as virtual environments where physical v virtual considerations must be taken into account.
Here there are no short-cuts - it will require a knowledgeable individual (preferably with prior experience in the environment) to work through each product in a methodical and calculated manner to (a) derive the optimal licensing construct and then (b) reconcile against the recorded (and evidenced) level of licensing. As this progresses it is imperative to capture your findings and ensure they are lodged as an artefact for audit readiness and as a baseline for future reporting cycles (again with ComplianceWare this can be stored as 'Verification' material alongside the updating of actual usage figures).
And just how often should the whole exercise be performed? We'd recommend that you cover your major vendors at least annually, and institute a program of work that targets a select number of products or vendors quarterly. The good news is that once you've completed one cycle others become easier as you'll have a baseline to compare or commence from.
So to summarise:
In this series we'll cover the foundations of SAM, and what they mean.
Data is the essence of SAM, much as it is with most of technology. It's all there, somewhere, amassed over time, stashed away in the recesses of the organisation. It may exist (hopefully) in electronic form, or (lamentably) physical records filed and stored, most typically both. So we know the data's out there, the question is how - and where - do we start?
The first step is to determine what data sources you can tap into, from the raw systems themselves through other collection platforms you might run such as CrowdStrike, Microsofts SCCM, IBM's ILMT, HCL's Bigix Inventory etc. With larger organisations the issue is always completeness - be it running agents or agentless via remote extracts - how do we know we're capturing everything we should ... and that can be a much more difficult proposition than it seems.
The approach is to source as much data as possible and compare it, merge it, blend it, and massage it to get the best quality information you can - the issue today is not so much sourcing the data, its how to filter through it to find what's important, and to do that you'll need tooling.
That means firstly figuring out what is most workable - and also most repeatable. This could be as simple as providing system logins to run application specific extracts, or remote connectivity as a centralised administrator, or even integrated access via API's. All act as feeds to your SAM system that will then do the hard data crunching and reporting work for you (for which ComplianceWare's pandas driven analytics engine is purposely designed).
So that covers the inventory side of things - collecting the deployment information and associated identifiers (ie. the editions, statistics, capacities etc) necessary to derive your consumption levels, but then you'll need the associated Contracts and Licensing material as well to compare to your entitlements and establish your compliance position, and that's where things can get tricky.
Most organisations - even those that are largely centralised - have some degree of local procurement (all the way down to problematic credit-card purchases) that make it difficult to collate the full and complete record of ownership. So you'll need to start with what is known, match that to the inventory you have identified exposing the shortfalls and gaps, and go looking for those great unknowns.
This can be a long and even fruitless exercise at times, sometimes reliant purely on the knowledge of individuals (if they're still with the organisation that is), extending from business to technology teams, from legal to procurement, all depending on how controlled and robust the procurement processes are. The key here is to capture that information so its recorded and available from there on, and the whole exercise doesn't have to be repeated (as it would in the case of audits).
Ideally your SAM system then allows you to maintain that connection of inventory to entitlements, organised by the contracts they were acquired (and operate) under. Any compliance issues can then be dealt with in a managed and controlled way, along with the potential benefit of savings from license consolidation, decommissioning, harvesting, or reuse, but we'll cover that in Series (#2).
And the kick - data collection isn't a one-off, its an ongoing process that should be repeated as often as necessary based on the frequency and fluidity of change in your environment. On the plus side, once you have established the process it becomes much easier and efficient to rerun, and depending on your SAM system gain more intelligence each time (for example, ComplianceWare can compare different data captures and report the differences so that you can quickly identify what's changed, and what might need attention).
Key takeaways then are:
Keep in touch for the upcoming SAM Foundation Series (#2) - Compliance Reporting.
The February 2021 edition of Microsofts Product Terms Document will be the last.
A little under two years ago we reviewed Microsofts new approach to licensing terms in our June 2019 blog here - now its being further revamped.
As announced on the front page of the February PT document:
Please note this is the last Product Terms Word document. Going forward, the terms will be published on the Product Terms site available at https://www.microsoft.com/licensing/terms/productoffering. Archived versions will continue to be available. For more details, go to https://www.microsoft.com/Licensing/product-licensing/products.
What does it look like - the landing page as shown below:
So quite clear and compact, although you will need to be quite savvy with their license programs and models to get the most out of using it.
... and when put to the test?
We decided to take on one of their more convoluted product licensing models - Power BI - and, well, it didn't seem any simpler. With prerequisites like "Power Automate per user with attended RPA plan, or Power Automate per flow plan" (ok...), and Extended Use Rights such as "Power Apps Portals that map to licensed Dynamics 365 application context and, Power Apps Portals that map to the same environment as the licensed Dynamics 365 application" (right...), the format might have changed but the content is still not that intuitive is it?
So while access to dynamic and current licensing information is always a good thing, simpler licensing models and metrics would we think resonate much better with software customers in general. After all, we all want to be compliant, so why make it so hard we wonder - any thoughts / comments ?$$?
A year of challenges and differences to all (recent) others.
Perhaps not surprisingly the IT industry did its part in the battle with Covid-19. Mobility became essential - workers were confined to homes, offices were shutdown, usual communication and interactions were stifled.
... enter video conferencing on a whole new level
From Zoom, to WebEx, to Teams everyone had to find a way to adapt. Not only did meeting online become the norm for but also the stand-in for the social watercooler or coffee break gatherings, or even the swell of welcomes and farewells.
That all worked well and is undoubtedly with us for good.
But what about licensing? If you recall our March Blog we called out the possibility of easily becoming non-compliant in the rush to stay connected to your workforce and customers. With the new year imminent its now time to regroup and review. Are all of those rapid changes squared off? Have you reconciled usage to entitlements? Or are you perhaps uncertain of exactly what state you have now found yourself in?
Be particularly concerned if you used the likes of Citrix to enable access to desktop applications - if unconstrained you could be liable for all potential usage, not just actual usage.
Or if you inadvertently permitted a level of multiplexing by routing traffic or enabling access at the simplest level (think generic logons, or joint application connections) you'd best tidy things up.
Don't be complacent thinking there has got to be some vendor leniency out there - we are already aware of audits being undertaken - there is no compromise when revenue is at stake.
So as always, take stock of your situation - get on top of your compliance position and be ready to assert your view rather than just accept what state your vendor tells you you're in.
... and if you need help to do so, just contact us
What do you need to do?
All services, products, and offers in Open License program today will remain available until January 1, 2022. To plan for future purchases, ask the partner you’re currently buying software licenses from about your options. Your partner can help you decide the best steps for you, whether that’s new licenses or online services subscriptions. If you don't have one, you can Find a Microsoft partner.
Are there any other options available?
Yes - depending on what you want to purchase you can make use of the Open Value or the Open Value Subscription program:
Here's a reminder of the differences between the current programs:
So nothing alarming in this announcement, more just an evolution of a 20 year old program to align with Microsofts contemporary go to market structures. While 2022 might seem some time away you can be sure the changes will begin to emerge through 2021, so just something more to be aware of and prepare for in the ever changing world of software licensing!
So, what has the uptake of Java SE Subscriptions been like?
There have been regular communications from Oracle promoting the value of their Java SE subscription service since version 8 went end-of-public-update (EoPU) in January 2019, but what has the uptake actually been like?
The latest (July 2020) statistics have been published as below, with 57 vulnerabilities reported since the EoPU of Java 11, with 7 attaining a CVSS (Common Vulnerability Scoring System) of 7 or more (reflected below). The question being, is that enough of a concern to pick up the phone and make the call to your Java Business Rep?
A reasonable question, and one for which we don't have a definite answer. Anecdotally, the view would be not generally, however this is unsubstantiated so we'd be keen to get a view from the industry - please take the time to complete our quick 2 question poll below:
Thanks for taking the time to contribute - we'll publish the results soon!
Data Recovery Environments using Copying, Synchronizing or Mirroring Standby and Remote Mirroring are commonly used terms to describe these methods of deploying Data Recovery environments. In these Data Recovery deployments, the data, and optionally the Oracle binaries, are copied to another storage device. In these Data Recovery deployments all Oracle programs that are installed and/or running must be licensed per standard policies documented in the Oracle Licensing and Services Agreement (OLSA). This includes installing Oracle programs on the DR server(s) to test the DR scenario. Licensing metrics and program options on Production and Data Recovery/Secondary servers must match.
Servers – Disaster Recovery Rights: For each Instance of eligible server software Customer runs in a Physical OSE or Virtual OSE on a Licensed Server, it may temporarily run a backup Instance in a Physical OSE or Virtual OSE on either, another one of its Servers dedicated to disaster recovery, or, for Instances of eligible software other than Windows Server, on Microsoft Azure Services, provided the backup Instance is managed by Azure Site Recovery to Azure. The License Terms for the software and limitations apply to Customer’s use of the backup Instance.
If its not specifically called out in the VMware Product Guide it will need licensing, and that means everything other than Continuent and vRelaise for Log Insight. Surprisingly, VMware deem an install to be 'use' of the software - yep - just binaries sitting on a disk.
RHEL Linux Subscription Guide: Cold backups: The server has software installed and configured, but it is turned off until the disaster occurs or for periodic disaster recovery procedure tests. For Red Hat Enterprise Linux, this means that the customer is allowed to preload the bits as a courtesy. However, Red Hat Content Delivery Network cannot be used to update the system until the disaster happens. Then, the paid subscription on the failed machine transfers to the cold backup sever. In this case, a customer does not need two subscriptions. The customer will consume only one subscription at any point in time. Red Hat will allow the customer to pre-provision the software bits onto the cold backup machine as a courtesy. If a customer is found to be running more units of Red Hat Enterprise Linux than the customer has subscribed for because the customer has found a use for these pre-provisioned servers other than this cold backup use case, the customer is obligated to pay Red Hat.
Backup Use Defined: For programs running or resident on backup machines, IBM defines 3 types of situations: “cold”; “warm”; and “hot”. In the “cold” and “warm” situations, a separate license for the backup copy is normally not required, no additional charge applies, and IBM does not need to be notified. In a “hot” backup situation, the customer needs to acquire another license. All programs running in backup mode must be under the customer’s control, even if running at another enterprise’s location.
New for 2020 - Microsoft to reduce Software Assurance Benefits
Changes to Microsoft's SA Benefits have been announced effective 1st February 2020 which will see the end of some of the most useful aspects of the program, in summary:
So time to review all of your enrollments and make sure you convert all of your SA Benefits to get full value out of your investment in these programs. As a refresher, take a look through the list below.
Check out this October announcement - It could save You Thousands!
Microsoft recently announced a new SQL Server SA benefit that is well worth reviewing – it could either release some currently consumed cores or save you buying more for any clustered environments you have now or are planning.
Starting Nov 1st, every Software Assurance customer of SQL Server will be able to use three enhanced benefits for any SQL Server release that is still supported by Microsoft:
So considering a typical architecture per diagram below the number of SQL Server core licenses required to operate this topology would be only 12 cores as opposed to 24 cores in the past:
Now the FAQ’s in the announcement included a specific question as to the versions that were covered and was answered in the affirmative by a Microsoft representative:
Q1. Is this applicable to old SQL Server versions like 2014 & 2016?
Answer for Q1: Yes. The benefit applies to all supported releases of SQL Server.
Which raises the question – why do we once again see a potential conflict in the Product Terms which appear to qualify the benefit to SQL Server 2019 only:
4.2 SQL Server 2019 – Fail-over Rights
For each of its Primary Workloads, Customer is entitled to:
We shall (again) seek clarification from Microsoft. In the meantime, check out more comprehensive information and examples in the accompanying Licensing Guide.
Lets Straighten out On-Premise Rights Included with M365
A quick internet search is likely to find conflicting views on what on-premise rights you are granted with your M365 Subscription particularly in relation to server software. Many sites will state that you gain only user access rights with your USL licenses, ie. essentially a CAL license entitlement, and that you are still required to acquire the server licenses for the likes of Exchange and Sharepoint.
Simply, that's not correct.
Firstly though, be sure of the M365 Subscription you are dealing with as each will offer different content and scope. The CAL/ML equivalency table of the Product Terms provides a good overview to this:
Note for example that the common business E3 and E5 plans provide both Base and Additive access rights for Exchange and SharePoint Server. But what about the Server Licenses?
A quick browse through the FAQ of the M365 Site provides the first hint that certain Server software is indeed included:
While the respective sections covering the likes of Exchange or SharePoint Server software don't provide any clues, the Microsoft 365 section clearly articulates the entitlement (page 57 of the October 2019 document):
Assuming all of your users are properly licensed (and they should be) your on-premise Exchange, SharePoint and Skype for Business Server installations are covered!
... and that includes back-versions of course under the Universal License Terms part 3 - "Rights to Use Other Versions and Lower Editions".
So no need to True-Up those on-premise Server licenses for Exchange or SharePoint, and who isn't keen for less overhead and more funds right?!
IBM Announces its new "Authorised SAM Provider" Offering (IASP)
While it appears the disgruntled messaging from clients is finally starting to register with some major vendors, a recent announcement from IBM (outlined here by the ITAM Review) by no means makes it an all clear.
We're all for any move to make software licensing compliance simpler, and the IASP program for some large IBM customers might just do that - although by invitation only and accomplished by engaging one of just four designated IBM partners:
OKAY, SO WHAT's THE OBJECTIVE?
In a nutshell, to offer those select few an alternative to IBM's License Reviews by operating a managed service that brings SAM expertise, tools, and knowledge to organisations who are perhaps struggling with those skills themselves - which happens to be exactly what we at Software Compliance have been offering our valued clients since 2016!
HOW ABOUT the APPROACH?
Once invited, an organisation selects an authorised partner who will then - through a defined scope of paid work - follow the standard licensing compliance process to create a baseline (using ILMT), perform an initial reconciliation, resolve any issues, and implement an ongoing management and control program, all done under an IASP Agreement that must be executed with IBM (covering a term of up to 3 years).
... And THE Benefits?
The major attraction is that any licensing shortfalls discovered in the initial baseline can be resolved at the customers entitled price without any back-dating of S&S - and - an apparent waiver of any sub-capacity issues (tbc).
... and we all know how problematic (ie. costly) issues in this space can be!
On the surface perhaps an admirable new direction from IBM, but does it really differ to how customers operating under the likes of an Enterprise Services & Software Offering (ESSO) have been treated for the last 10+ years? We think not - baselines were created, shortfalls resolved (albeit perhaps not as transparently), regular reporting was mandatory, etc ... so the only difference seems to be that the customer is required to engage one of just four designated partners.
Contact Us ... (before your Vendors do)
terms related to outsourcing rights and dedicated hosted cloud services Change 1-Oct.
Microsoft’s off-premise outsourcing terms are changing October 1, 2019, evidently to clarify the distinction between on-premises/traditional outsourcing and cloud services, and create more consistent licensing terms across multitenant and dedicated hosted cloud services, the core of the changes being:
Now there’s one statement that seems to negate it all (page 3 of the FAQ) given all of the Listed Providers are currently in the Authorized Mobility Partner list which we’re seeking clarification from Microsoft for (italics added):
Do the updates to the Outsourcing Software Management clause affect my rights to deploy licenses with an Authorized Mobility Partner? License Mobility through Software Assurance rights will be expanded to permit deployment of licenses with License Mobility coverage with Listed Providers’ dedicated hosted cloud services for those Listed Providers who are Authorized Mobility Partners. (and importantly) Rights to deploy licenses on Authorized Mobility Partners’ shared servers are not impacted by the outsourcing update.
But that aside, lets dissect it all ...
Firstly, what exactly are “dedicated hosted cloud services”? Microsoft’s states this to be the “services offered by major public cloud providers typically with elastic, ondemand, pay-as-you-go resources, like their multitenant cloud services.” Multitenant cloud services? Wouldn’t that be the opposite of dedicated?? Well for the Listed Providers examples given are “Azure Dedicated Host, Amazon EC2 Dedicated Hosts, single tenant nodes from Google” – all dedicated – and “VMware Cloud on Amazon Web Services (AWS)” – so perhaps the/an exception being SDDC architecture.
The first thing to note - the change won't impact the use of existing software versions under licenses purchased before October 1, 2019 so you can continue to deploy and use software under your existing licenses on servers dedicated to you, just not workloads under licenses acquired on or after October 1, 2019 (and don’t forget that just performing a Software Assurance renewal doesn't affect your perpetual use rights for existing versions). And secondly, rights to deploy licenses on Authorized Mobility Partners’ shared servers are not impacted by the outsourcing update.
So what to be wary of …. as usual, the limitations:
Are there any alternatives? Well, besides any SPLA or otherwise ‘bundled’ licensing options available with the provider service, enter the Microsoft Azure Hybrid Benefit (!) where, solely with Azure Dedicated Host, there are exceptions (!!) if you happen to have current SA or equivalent subscription rights. And what might the Azure Hybrid Benefit provide:
Oh … and don’t forget – to make use of License Mobility through SA, you must ensure that you:
NOW INCLUDING CLOUD CONSUMPTION REPORTING
We've been busy .... and our development efforts are now live
Cloud Consumption Reporting is here!
As of version 2.6 of ComplianceWare get your cloud consumption information in one easy view with the new ComplianceWare Subscriptions feature. Check your cost or license usage with simple and secure REST API connectivity to the following platforms:
With standard configuration (typically IAM) through your selected platform you'll soon have ready access to your daily consumption levels, enabling quick action where usage appears to be at limits or following a worrying trend.
Cost figures will be displayed for the current month and prior year (where available):
Or for usage, your entitlements ... and where available, your consumption:
So no more need to open all of those portals and navigate through the layers of screens to your billing or license information, just one click and you're there! You don't even need a login - with ComplianceWare configured as a service all access is programmatic.
If you'd like to know more check out the Configuration Guide which provides step-by-step instructions on how ComplianceWare would be configured for each platform, and if you'd like to see it in action just Contact Us for a login to our demonstration site.
A great new feature - along with the new Vendor records administration - adding more value for our customers, keeping ComplianceWare the most functional, cost effective software discovery and license management tool on the market!
A New And WeLcome Direction in Consolidated, Direct, Licensing Information
Microsoft announced the 1st June 2019 as the date at which the new 'Licensing Terms Site' will replace the current downloadable document versions of the Product Terms (PT) and Online Service Terms (OST) (although at date of this publication it is still stating "under construction and for preview use only.")
Not only is this intended to consolidate the myriad of licensing documents and material rife across Microsoft sites, but according to the FAQ (available here) will also ease navigation through filters available by program and product, and also introduce a new 'compared-to' function which allows users to compare changes (albeit post 1st June 2019) to 'current' use rights going forward - a useful utility!
So what does it look like? - the landing screen as below (see it for yourself here):
A quick test run found the site easily navigable, presenting targeted information based on your selection in the familiar format of the Product Terms structure. Of course it can't solve the 'knowledge complexity' invariably attached to licensing - you basically still need to know what you are looking for, and then be able to apply what you find to your own situation.
A quick delve into the SQL Server section highlights the information then available by edition:
All in all though a timely advance in the overall licensing landscape that would be welcomed across other vendors with similarly broad and complex license terms and models, which makes us wonder ...
... is it too much to hope for a cross-industry standard?
Could the Change to IBM's PVU Core Table Signal a Refreshing SHIFT in Sub-Capacity Licensing?
While some vendors prefer to wallow in the mire of antiquated and irrelevant licensing regimes others seem to be moving ahead with revised models that provide clarity and ease in establishing your licensing and compliance position.
A case in point - IBM - who flagged a rethink with a shift from the messy PVU to Virtual Processor Core metrics (example in the hyperlink).
Starting April this year the x86 PVU Table has been culled down to just 6 entries with the Intel category now much simplified for the Xeon chipset, basically all determined by the number of sockets at 2, 4, and >4 (with the lower models in the listed ranges remaining at 50 PVU's):
There is however one complication - Symmetric Multiprocessing Servers - which you need to factor per definition below:
The PVU requirement for the Intel processor technology indicated is dependent on the maximum number of sockets on the server. If sockets on two or more servers are connected to form a Symmetric Multiprocessing (SMP) Server, the maximum number of sockets per server increases. Example:
Good news from our perspective - anything that removes ambiguity is welcomed (with reference to the linked post at the start of this blog: "oh but you have to count the Physical cores, not virtual, on the Host, in fact all Hosts in the complex, actually in the Data Center, well let's say the Cloud then, so basically ...
... everything, everywhere")
All might not be what You think - It's time to Check
So all's fine with your Oracle Database - it's been installed for some time now, had a few upgrades, tweaks and tune-ups, you're across your NUP and Processor entitlements, so why have any concerns from a licensing perspective? Well, what about all of those Feature, Option, and Management Packs that lurk quietly in the background - have you checked on the status of those lately?
Worth checking to be certain before that next, friendly ... 'Oracle License Review'.
To facilitate this Oracle provides a script - options_packs_usage_statistics.sql - which enables you to check Oracle Database feature usage, option usage, and management pack usage. The script lists, in two distinct sections:
The script can be run manually on an individual database or you can use Oracle Enterprise Manager Job System to automatically run the script on multiple databases, giving output like the below (with formatting added):
Now with insight into the actual system settings a simple reconciliation to your licensing / entitlements will give you assurance that everything is in order, or alternatively highlight what needs to be resolved.
A simple task well worth scheduling at least annually.
and it's always good to keep a record for later comparison / compliance requirements (with ComplianceWare you can easily register the output as 'Verification' material alongside your licenses).
Could You Be At Risk From Covert LICENSING TERMS?
While some vendors are well known for their hostile terms towards specific forms of virtualisation (consider Oracle with VMware), others are not, slyly waiting for sufficient time to pass before issuing that dreaded ‘license review’ (aka audit) letter, hoping they can trap you with their archaic, antiquated, yet bizarrely enforceable terms that could see you severely punished if you have virtualised systems that fall under these conditions.
Two current protagonists are coming to the fore in this space for their equally aggressive – and global – onslaught, hounding their loyal customers with totally unreasonable findings and outrageous demands for compensation. The problem emerged from the days of licensing physical installations by cores – easily managed when applications ran in their own dedicated servers, but with the shift to now omnipresent server farms, be it on-premise or cloud based, where their terms have not changed and don’t automatically recognise virtualisation as a means to limit the licensable metric (cores) you are at risk of paying for all of the physical cores in your entire Host estate.
Consider the terms below extracted from the respective vendor agreements:
Micro Focus End User License AgreemenT
"Server License for CPUs. Licensed Software provided under this License Option gives Licensee the right to install the Licensed Software on a single machine or server ("Host Server"), or one or more Containers on the Host Server, and have the Licensed Software executed by up to the total number of CPUs, Cores, Integrated Facility for Linux processors ("IFLs"), Blades or other processing devices specified for the license in the applicable Product Order ("License Specification"). If the number of Cores is not specified for a CPU in the event a CPU is specified in the License Specification, such CPU shall be considered to be single-Core. A Server License for CPUs license covering all CPUs, Cores, IFLs, Blades and other processing devices that are contained in and/or can be accessed by the Host Server ("Total Processors") is required with all applicable license fees paid, even if one or more of such CPUs, Cores, IFLs, Blades or other processing devices are not accessing or running the Licensed Software. For example, if 32 Cores are the Total Processors on the Host Server, but only 16 Cores are utilized to execute the Licensed Software, a 32-Core Server License for CPUs license is required notwithstanding the fact that 16 of the 32 Cores may not actually be accessing the Licensed Software. Each Core on a multi-core CPU requires a Server License for CPUs license covering each such Core. For example a Host Server with Total Processors consisting of a single quad-core CPU will require a 4-Core Server License for CPUs license and payment of the license fees applicable to all 4 Cores."
OPEN TEXT – ECD Central Processing Unit (“CPU”) ModeL
Affected products are any of those on your Order From that have a UOM code of ‘ZA’:
"Licensing and pricing is based upon the total number of CPU cores present in the computer upon which the ECD Software will operate. The ECD Software is licensed per physical dual-core device (“Dual-Core CPU”). Licensee must purchase an individual Software License for each Dual-Core CPU on which the ECD Software is executed or made available to execute."
If you are in the unfortunate position of running any products that fall into the categories above, act fast. You will need to either move the affected applications to a right-sized physical box (with all of the accompanying issues that presents) or seek to agree with the vendor the appropriate virtualisation terms (and be wary – if they play this type of game that will likely just get their cash registers ringing).
We find it hard to believe that such terms remain in vendor agreements, more so even deemed enforceable. If you've had the misfortune to have gone through such an affront, or think you might be about to, get in touch - we'd like to hear of (or help with) your experience.
IT SEEMS AUDIT SEASON HAS STARTED EARLY ...
Revenue outlook must be a concern for a number of large, global corporates going by the number of audits we're aware of already this year - typically they seem to favour the mid to late part of the calendar.
And lets face it, an audit is the last thing you need when you're just getting back to those major initiatives that need focus. Of course often its that very focus that leads to compliance issues - lacking the necessary oversight and controls in your IT landscape its not uncommon for BAU changes to cause a world of difficulty - a simple server refresh that introduces more cores, a change in access permissions that broadens the user base, or perhaps just plain old virtualisation.
So what might target your organisation for attention by those loathed 'License Review Teams' waiting out there?
Well the answer is, more than you might think.
Typically something has got you to the top of the list. It can of course be within a common cycle such as at a contract renewal period, or an untimely prompt by one of those independent organisations whose entire income is through specialised and aggressive audits, but if not, what might cause it - and how might you prevent it?
First, consider the common triggers:
If any of the above have you a little worried look for the most telling signal from your vendors of an impending audit - the unexpected communication that your "account team is going through some changes", which is simply a calculated, preemptive move to extricate any history and/or advocacy you might otherwise have had - prepare and get ready!
all of those "but" arguments will get you nowhere - "but we had an agreement",
"the account have known it was like this for years",
"it was the licensing sold to us", etc etc.
Alternatively, if you're feeling comfortable that you're not under any imminent threat its still a good idea to take stock and review your position against the common triggers. The best defense is without doubt a robust and competent software licensing function within your organisation that maintains the necessary level of control (and has the added benefit of warding off those vendors who would rather take on an easier, less capable target).
When it comes to licensing and compliance its good practice to not treat your vendors like 'trusted partners' - keep in mind who they're actually working for, and who's paying their salaries.
So - what to do:
Concerns? if you need any help, we're just a phone call away.
With a New Year ahead it's a good time to reflect on your IT Licensing status and Compliance Position - Are you confident that it's all under control?
Or does effective management of IT licensing just seem too vast and perhaps cost prohibitive to implement and maintain? It can seem that way - there are numerous and ever changing products, platforms, and models to complicate the situation, so how do you keep up?
And what about the cost? - yes, Software Asset Management and Licensing Compliance to many executives can seem like an unnecessary spend, much like the early days of Disaster Recovery where the prevailing thinking was typically "why would we spend so much on hardware that's just going to sit idle?". Well compare that to the contemporary thinking today where Service Recovery is a given with any robust application - the spend is seen as a worthy investment, not just additional cost.
At Software Compliance we recognised these factors as the perplexing problems the majority of organisations with broad IT solutions faced, and we decided to develop a solution that would work - and scale - to a vast array of companies, particularly SME's.
So how did we do it?
First and foremost we developed a tool to enable organisations to capture, contain and maintain that vast amount of software information important to them - their contracts, deployments, and licensing - the tool - ComplianceWare.
Not only does ComplianceWare discover and track your software deployments, but it removes layers of licensing complexity by automatically tallying installations, performing product bundling where appropriate, and providing direct links to vendor licensing information to help you decipher whats relevant - all kept current for you by the team here at SWC.
So if that solves the complexity issue, what about the next inhibitor - cost?
Again, that was something we were very aware of. While there were existing solutions in the market they are typically high-end, bloated products aimed at large enterprises at a cost to match. We took a different approach - build a lean, cloud delivered, simplified application that organisations could subscribe to based on their requirements, and be there to provide ongoing support and expertise as those ever-changing products and platforms emerge and evolve. All at a such a compelling cost you'll wonder why you paid such exorbitant remediation fees in the first place (or perhaps might be about to!).
So as holidays come to an end and we embark on another year it's a good time to reflect and ask yourself, in 2019 will we be:
It's not nearly as hard or as costlier a problem as you might believe it to be - find out more - get in touch and let's see how we might be able to help you gain more success in 2019.
effective January 2019 ORACLE HAS ANNOUNCED THAT Java SE 8 public updates will no longer be available for "Business, Commercial or Production use" without a commercial license.
What does this mean to your organisation?
... For Commercial Users (being those "entities other than Oracle Customers that use Java SE for free for business, commercial or production purposes as part of a Java application delivered by a third party or developed internally" Oracle will not post further updates of Java SE 8 to its public download sites after January 2019. If you need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 8 or previous versions you'll need a long term support subscription through Oracle Java SE Advanced Desktop, or Oracle Java SE Suite.
Of course if Java is licensed for use under another Oracle or other third-party license you are exempt. You'd be entitled to ask - what exactly is Oracle's justification for this new charge, well simply put their contention is captured in this statement:
"As the main contributor and steward of Java SE, Oracle is the only company that can guarantee long-term support and updates on a timely and predictable schedule. The Java SE Subscription from Oracle provides access to tools that consistently manage updates, enables enterprises to monitor their own Java platforms, and provides direct access to a specialized Java SE support team"
Where to next? ... What do I need to do??
Assuming you have broad use of Java SE like most organisations - noting the Java Platform, Standard Edition (Java SE) and Oracle Java SE Advanced and Suite products are currently shipping from Oracle in the form of the Java Development Kit (JDK), and Java Runtime Environment (JRE) - you'll need to inventory your entire software landscape to identify what installations you have, under what license. For those that aren't captured by an over-arching entitlement you will need to assess the level of support and currency you are willing to operate.
Put simply, that all means:
And what's that all going to cost? ... Well the latest Oracle Technology Global Price List (June 19, 2018) states the following under Fusion Middleware:
... however the literature surrounding the Subscriptions appears to indicate a more reasonable cost profile:
So with January 2019 looming the priority needs to be getting full clarity of your position:
... and then quantify what that might cost.
It would be fair to predict that Oracle will no doubt scrutinise this space at some point in the near future ... best to be prepared.
READY TO WORK WITH US?