New for 2020 - Microsoft to reduce Software Assurance BenefitsChanges to Microsoft's SA Benefits have been announced effective 1st February 2020 which will see the end of some of the most useful aspects of the program, in summary:
So time to review all of your enrollments and make sure you convert all of your SA Benefits to get full value out of your investment in these programs. As a refresher, take a look through the list below. 
0 Comments
Check out this October announcement - It could save You Thousands!Microsoft recently announced a new SQL Server SA benefit that is well worth reviewing – it could either release some currently consumed cores or save you buying more for any clustered environments you have now or are planning. Starting Nov 1st, every Software Assurance customer of SQL Server will be able to use three enhanced benefits for any SQL Server release that is still supported by Microsoft:
So considering a typical architecture per diagram below the number of SQL Server core licenses required to operate this topology would be only 12 cores as opposed to 24 cores in the past:  Now the FAQ’s in the announcement included a specific question as to the versions that were covered and was answered in the affirmative by a Microsoft representative: Q1. Is this applicable to old SQL Server versions like 2014 & 2016? Answer for Q1: Yes. The benefit applies to all supported releases of SQL Server. Which raises the question – why do we once again see a potential conflict in the Product Terms which appear to qualify the benefit to SQL Server 2019 only: 4.2 SQL Server 2019 – Fail-over Rights For each of its Primary Workloads, Customer is entitled to:
We shall (again) seek clarification from Microsoft. In the meantime, check out more comprehensive information and examples in the accompanying Licensing Guide.
Lets Straighten out On-Premise Rights Included with M365A quick internet search is likely to find conflicting views on what on-premise rights you are granted with your M365 Subscription particularly in relation to server software. Many sites will state that you gain only user access rights with your USL licenses, ie. essentially a CAL license entitlement, and that you are still required to acquire the server licenses for the likes of Exchange and Sharepoint. Simply, that's not correct. Firstly though, be sure of the M365 Subscription you are dealing with as each will offer different content and scope. The CAL/ML equivalency table of the Product Terms provides a good overview to this:  Note for example that the common business E3 and E5 plans provide both Base and Additive access rights for Exchange and SharePoint Server. But what about the Server Licenses? A quick browse through the FAQ of the M365 Site provides the first hint that certain Server software is indeed included: 
While the respective sections covering the likes of Exchange or SharePoint Server software don't provide any clues, the Microsoft 365 section clearly articulates the entitlement (page 57 of the October 2019 document):  Assuming all of your users are properly licensed (and they should be) your on-premise Exchange, SharePoint and Skype for Business Server installations are covered! ... and that includes back-versions of course under the Universal License Terms part 3 - "Rights to Use Other Versions and Lower Editions". So no need to True-Up those on-premise Server licenses for Exchange or SharePoint, and who isn't keen for less overhead and more funds right?!
IBM Announces its new "Authorised SAM Provider" Offering (IASP)While it appears the disgruntled messaging from clients is finally starting to register with some major vendors, a recent announcement from IBM (outlined here by the ITAM Review) by no means makes it an all clear. We're all for any move to make software licensing compliance simpler, and the IASP program for some large IBM customers might just do that - although by invitation only and accomplished by engaging one of just four designated IBM partners:
OKAY, SO WHAT's THE OBJECTIVE?In a nutshell, to offer those select few an alternative to IBM's License Reviews by operating a managed service that brings SAM expertise, tools, and knowledge to organisations who are perhaps struggling with those skills themselves - which happens to be exactly what we at Software Compliance have been offering our valued clients since 2016! HOW ABOUT the APPROACH?Once invited, an organisation selects an authorised partner who will then - through a defined scope of paid work - follow the standard licensing compliance process to create a baseline (using ILMT), perform an initial reconciliation, resolve any issues, and implement an ongoing management and control program, all done under an IASP Agreement that must be executed with IBM (covering a term of up to 3 years). ... And THE Benefits?The major attraction is that any licensing shortfalls discovered in the initial baseline can be resolved at the customers entitled price without any back-dating of S&S - and - an apparent waiver of any sub-capacity issues (tbc). ... and we all know how problematic (ie. costly) issues in this space can be! On the surface perhaps an admirable new direction from IBM, but does it really differ to how customers operating under the likes of an Enterprise Services & Software Offering (ESSO) have been treated for the last 10+ years? We think not - baselines were created, shortfalls resolved (albeit perhaps not as transparently), regular reporting was mandatory, etc ... so the only difference seems to be that the customer is required to engage one of just four designated partners.
Contact Us ... (before your Vendors do)
terms related to outsourcing rights and dedicated hosted cloud services Change 1-Oct.Microsoft’s off-premise outsourcing terms are changing October 1, 2019, evidently to clarify the distinction between on-premises/traditional outsourcing and cloud services, and create more consistent licensing terms across multitenant and dedicated hosted cloud services, the core of the changes being:
Now there’s one statement that seems to negate it all (page 3 of the FAQ) given all of the Listed Providers are currently in the Authorized Mobility Partner list which we’re seeking clarification from Microsoft for (italics added): Do the updates to the Outsourcing Software Management clause affect my rights to deploy licenses with an Authorized Mobility Partner? License Mobility through Software Assurance rights will be expanded to permit deployment of licenses with License Mobility coverage with Listed Providers’ dedicated hosted cloud services for those Listed Providers who are Authorized Mobility Partners. (and importantly) Rights to deploy licenses on Authorized Mobility Partners’ shared servers are not impacted by the outsourcing update. But that aside, lets dissect it all ...  Firstly, what exactly are “dedicated hosted cloud services”? Microsoft’s states this to be the “services offered by major public cloud providers typically with elastic, ondemand, pay-as-you-go resources, like their multitenant cloud services.” Multitenant cloud services? Wouldn’t that be the opposite of dedicated?? Well for the Listed Providers examples given are “Azure Dedicated Host, Amazon EC2 Dedicated Hosts, single tenant nodes from Google” – all dedicated – and “VMware Cloud on Amazon Web Services (AWS)” – so perhaps the/an exception being SDDC architecture. The first thing to note - the change won't impact the use of existing software versions under licenses purchased before October 1, 2019 so you can continue to deploy and use software under your existing licenses on servers dedicated to you, just not workloads under licenses acquired on or after October 1, 2019 (and don’t forget that just performing a Software Assurance renewal doesn't affect your perpetual use rights for existing versions). And secondly, rights to deploy licenses on Authorized Mobility Partners’ shared servers are not impacted by the outsourcing update. So what to be wary of …. as usual, the limitations:
Are there any alternatives? Well, besides any SPLA or otherwise ‘bundled’ licensing options available with the provider service, enter the Microsoft Azure Hybrid Benefit (!) where, solely with Azure Dedicated Host, there are exceptions (!!) if you happen to have current SA or equivalent subscription rights. And what might the Azure Hybrid Benefit provide:
Oh … and don’t forget – to make use of License Mobility through SA, you must ensure that you:
For more information check out the Microsoft Announcement and associated FAQ's
NOW INCLUDING CLOUD CONSUMPTION REPORTINGWe've been busy .... and our development efforts are now live Cloud Consumption Reporting is here! As of version 2.6 of ComplianceWare get your cloud consumption information in one easy view with the new ComplianceWare Subscriptions feature. Check your cost or license usage with simple and secure REST API connectivity to the following platforms:
 With standard configuration (typically IAM) through your selected platform you'll soon have ready access to your daily consumption levels, enabling quick action where usage appears to be at limits or following a worrying trend. Cost figures will be displayed for the current month and prior year (where available):  Or for usage, your entitlements ... and where available, your consumption:  So no more need to open all of those portals and navigate through the layers of screens to your billing or license information, just one click and you're there! You don't even need a login - with ComplianceWare configured as a service all access is programmatic. If you'd like to know more check out the Configuration Guide which provides step-by-step instructions on how ComplianceWare would be configured for each platform, and if you'd like to see it in action just Contact Us for a login to our demonstration site. A great new feature - along with the new Vendor records administration - adding more value for our customers, keeping ComplianceWare the most functional, cost effective software discovery and license management tool on the market!
A New And WeLcome Direction in Consolidated, Direct, Licensing InformationMicrosoft announced the 1st June 2019 as the date at which the new 'Licensing Terms Site' will replace the current downloadable document versions of the Product Terms (PT) and Online Service Terms (OST) (although at date of this publication it is still stating "under construction and for preview use only.") Not only is this intended to consolidate the myriad of licensing documents and material rife across Microsoft sites, but according to the FAQ (available here) will also ease navigation through filters available by program and product, and also introduce a new 'compared-to' function which allows users to compare changes (albeit post 1st June 2019) to 'current' use rights going forward - a useful utility! So what does it look like? - the landing screen as below (see it for yourself here):  A quick test run found the site easily navigable, presenting targeted information based on your selection in the familiar format of the Product Terms structure. Of course it can't solve the 'knowledge complexity' invariably attached to licensing - you basically still need to know what you are looking for, and then be able to apply what you find to your own situation. A quick delve into the SQL Server section highlights the information then available by edition:  All in all though a timely advance in the overall licensing landscape that would be welcomed across other vendors with similarly broad and complex license terms and models, which makes us wonder ... ... is it too much to hope for a cross-industry standard?
Could the Change to IBM's PVU Core Table Signal a Refreshing SHIFT in Sub-Capacity Licensing? While some vendors prefer to wallow in the mire of antiquated and irrelevant licensing regimes others seem to be moving ahead with revised models that provide clarity and ease in establishing your licensing and compliance position. A case in point - IBM - who flagged a rethink with a shift from the messy PVU to Virtual Processor Core metrics (example in the hyperlink). Starting April this year the x86 PVU Table has been culled down to just 6 entries with the Intel category now much simplified for the Xeon chipset, basically all determined by the number of sockets at 2, 4, and >4 (with the lower models in the listed ranges remaining at 50 PVU's):  There is however one complication - Symmetric Multiprocessing Servers - which you need to factor per definition below: The PVU requirement for the Intel processor technology indicated is dependent on the maximum number of sockets on the server. If sockets on two or more servers are connected to form a Symmetric Multiprocessing (SMP) Server, the maximum number of sockets per server increases. Example:
Good news from our perspective - anything that removes ambiguity is welcomed (with reference to the linked post at the start of this blog: "oh but you have to count the Physical cores, not virtual, on the Host, in fact all Hosts in the complex, actually in the Data Center, well let's say the Cloud then, so basically ... ... everything, everywhere")
All might not be what You think - It's time to CheckSo all's fine with your Oracle Database - it's been installed for some time now, had a few upgrades, tweaks and tune-ups, you're across your NUP and Processor entitlements, so why have any concerns from a licensing perspective? Well, what about all of those Feature, Option, and Management Packs that lurk quietly in the background - have you checked on the status of those lately?
Worth checking to be certain before that next, friendly ... 'Oracle License Review'. To facilitate this Oracle provides a script - options_packs_usage_statistics.sql - which enables you to check Oracle Database feature usage, option usage, and management pack usage. The script lists, in two distinct sections:
The script can be run manually on an individual database or you can use Oracle Enterprise Manager Job System to automatically run the script on multiple databases, giving output like the below (with formatting added):  Now with insight into the actual system settings a simple reconciliation to your licensing / entitlements will give you assurance that everything is in order, or alternatively highlight what needs to be resolved. A simple task well worth scheduling at least annually. and it's always good to keep a record for later comparison / compliance requirements (with ComplianceWare you can easily register the output as 'Verification' material alongside your licenses).
ADVERSE VIRTUALISATION TERMSCould You Be At Risk From Covert LICENSING TERMS?While some vendors are well known for their hostile terms towards specific forms of virtualisation (consider Oracle with VMware), others are not, slyly waiting for sufficient time to pass before issuing that dreaded ‘license review’ (aka audit) letter, hoping they can trap you with their archaic, antiquated, yet bizarrely enforceable terms that could see you severely punished if you have virtualised systems that fall under these conditions. Two current protagonists are coming to the fore in this space for their equally aggressive – and global – onslaught, hounding their loyal customers with totally unreasonable findings and outrageous demands for compensation. The problem emerged from the days of licensing physical installations by cores – easily managed when applications ran in their own dedicated servers, but with the shift to now omnipresent server farms, be it on-premise or cloud based, where their terms have not changed and don’t automatically recognise virtualisation as a means to limit the licensable metric (cores) you are at risk of paying for all of the physical cores in your entire Host estate. Consider the terms below extracted from the respective vendor agreements: Micro Focus End User License AgreemenT
"Server License for CPUs. Licensed Software provided under this License Option gives Licensee the right to install the Licensed Software on a single machine or server ("Host Server"), or one or more Containers on the Host Server, and have the Licensed Software executed by up to the total number of CPUs, Cores, Integrated Facility for Linux processors ("IFLs"), Blades or other processing devices specified for the license in the applicable Product Order ("License Specification"). If the number of Cores is not specified for a CPU in the event a CPU is specified in the License Specification, such CPU shall be considered to be single-Core. A Server License for CPUs license covering all CPUs, Cores, IFLs, Blades and other processing devices that are contained in and/or can be accessed by the Host Server ("Total Processors") is required with all applicable license fees paid, even if one or more of such CPUs, Cores, IFLs, Blades or other processing devices are not accessing or running the Licensed Software. For example, if 32 Cores are the Total Processors on the Host Server, but only 16 Cores are utilized to execute the Licensed Software, a 32-Core Server License for CPUs license is required notwithstanding the fact that 16 of the 32 Cores may not actually be accessing the Licensed Software. Each Core on a multi-core CPU requires a Server License for CPUs license covering each such Core. For example a Host Server with Total Processors consisting of a single quad-core CPU will require a 4-Core Server License for CPUs license and payment of the license fees applicable to all 4 Cores." OPEN TEXT – ECD Central Processing Unit (“CPU”) ModeL Affected products are any of those on your Order From that have a UOM code of ‘ZA’:  "Licensing and pricing is based upon the total number of CPU cores present in the computer upon which the ECD Software will operate. The ECD Software is licensed per physical dual-core device (“Dual-Core CPU”). Licensee must purchase an individual Software License for each Dual-Core CPU on which the ECD Software is executed or made available to execute." If you are in the unfortunate position of running any products that fall into the categories above, act fast. You will need to either move the affected applications to a right-sized physical box (with all of the accompanying issues that presents) or seek to agree with the vendor the appropriate virtualisation terms (and be wary – if they play this type of game that will likely just get their cash registers ringing). We find it hard to believe that such terms remain in vendor agreements, more so even deemed enforceable. If you've had the misfortune to have gone through such an affront, or think you might be about to, get in touch - we'd like to hear of (or help with) your experience.
IT SEEMS AUDIT SEASON HAS STARTED EARLY ...Revenue outlook must be a concern for a number of large, global corporates going by the number of audits we're aware of already this year - typically they seem to favour the mid to late part of the calendar. And lets face it, an audit is the last thing you need when you're just getting back to those major initiatives that need focus. Of course often its that very focus that leads to compliance issues - lacking the necessary oversight and controls in your IT landscape its not uncommon for BAU changes to cause a world of difficulty - a simple server refresh that introduces more cores, a change in access permissions that broadens the user base, or perhaps just plain old virtualisation. So what might target your organisation for attention by those loathed 'License Review Teams' waiting out there? Well the answer is, more than you might think. Typically something has got you to the top of the list. It can of course be within a common cycle such as at a contract renewal period, or an untimely prompt by one of those independent organisations whose entire income is through specialised and aggressive audits, but if not, what might cause it - and how might you prevent it? First, consider the common triggers:
If any of the above have you a little worried look for the most telling signal from your vendors of an impending audit - the unexpected communication that your "account team is going through some changes", which is simply a calculated, preemptive move to extricate any history and/or advocacy you might otherwise have had - prepare and get ready! all of those "but" arguments will get you nowhere - "but we had an agreement", "the account have known it was like this for years", "it was the licensing sold to us", etc etc. Alternatively, if you're feeling comfortable that you're not under any imminent threat its still a good idea to take stock and review your position against the common triggers. The best defense is without doubt a robust and competent software licensing function within your organisation that maintains the necessary level of control (and has the added benefit of warding off those vendors who would rather take on an easier, less capable target). When it comes to licensing and compliance its good practice to not treat your vendors like 'trusted partners' - keep in mind who they're actually working for, and who's paying their salaries. So - what to do:
Concerns? if you need any help, we're just a phone call away.
With a New Year ahead it's a good time to reflect on your IT Licensing status and Compliance Position - Are you confident that it's all under control?
Or does effective management of IT licensing just seem too vast and perhaps cost prohibitive to implement and maintain? It can seem that way - there are numerous and ever changing products, platforms, and models to complicate the situation, so how do you keep up? And what about the cost? - yes, Software Asset Management and Licensing Compliance to many executives can seem like an unnecessary spend, much like the early days of Disaster Recovery where the prevailing thinking was typically "why would we spend so much on hardware that's just going to sit idle?". Well compare that to the contemporary thinking today where Service Recovery is a given with any robust application - the spend is seen as a worthy investment, not just additional cost. At Software Compliance we recognised these factors as the perplexing problems the majority of organisations with broad IT solutions faced, and we decided to develop a solution that would work - and scale - to a vast array of companies, particularly SME's. So how did we do it? First and foremost we developed a tool to enable organisations to capture, contain and maintain that vast amount of software information important to them - their contracts, deployments, and licensing - the tool - ComplianceWare. Not only does ComplianceWare discover and track your software deployments, but it removes layers of licensing complexity by automatically tallying installations, performing product bundling where appropriate, and providing direct links to vendor licensing information to help you decipher whats relevant - all kept current for you by the team here at SWC. So if that solves the complexity issue, what about the next inhibitor - cost? Again, that was something we were very aware of. While there were existing solutions in the market they are typically high-end, bloated products aimed at large enterprises at a cost to match. We took a different approach - build a lean, cloud delivered, simplified application that organisations could subscribe to based on their requirements, and be there to provide ongoing support and expertise as those ever-changing products and platforms emerge and evolve. All at a such a compelling cost you'll wonder why you paid such exorbitant remediation fees in the first place (or perhaps might be about to!). So as holidays come to an end and we embark on another year it's a good time to reflect and ask yourself, in 2019 will we be:
It's not nearly as hard or as costlier a problem as you might believe it to be - find out more - get in touch and let's see how we might be able to help you gain more success in 2019.  effective January 2019 ORACLE HAS ANNOUNCED THAT Java SE 8 public updates will no longer be available for "Business, Commercial or Production use" without a commercial license.What does this mean to your organisation? ... For Commercial Users (being those "entities other than Oracle Customers that use Java SE for free for business, commercial or production purposes as part of a Java application delivered by a third party or developed internally" Oracle will not post further updates of Java SE 8 to its public download sites after January 2019. If you need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 8 or previous versions you'll need a long term support subscription through Oracle Java SE Advanced Desktop, or Oracle Java SE Suite. Of course if Java is licensed for use under another Oracle or other third-party license you are exempt. You'd be entitled to ask - what exactly is Oracle's justification for this new charge, well simply put their contention is captured in this statement: "As the main contributor and steward of Java SE, Oracle is the only company that can guarantee long-term support and updates on a timely and predictable schedule. The Java SE Subscription from Oracle provides access to tools that consistently manage updates, enables enterprises to monitor their own Java platforms, and provides direct access to a specialized Java SE support team" Where to next? ... What do I need to do?? Assuming you have broad use of Java SE like most organisations - noting the Java Platform, Standard Edition (Java SE) and Oracle Java SE Advanced and Suite products are currently shipping from Oracle in the form of the Java Development Kit (JDK), and Java Runtime Environment (JRE) - you'll need to inventory your entire software landscape to identify what installations you have, under what license. For those that aren't captured by an over-arching entitlement you will need to assess the level of support and currency you are willing to operate. Put simply, that all means:
And what's that all going to cost? ... Well the latest Oracle Technology Global Price List (June 19, 2018) states the following under Fusion Middleware:  ... however the literature surrounding the Subscriptions appears to indicate a more reasonable cost profile:  So with January 2019 looming the priority needs to be getting full clarity of your position:
... and then quantify what that might cost. It would be fair to predict that Oracle will no doubt scrutinise this space at some point in the near future ... best to be prepared. ... and that's where Software Compliance and our ComplianceWare tool can help ...
READY TO WORK WITH US? |
 |  |
What will 'end of support' mean? ... it will mean the end of regular security updates, and with the extent of hacks and attacks going on at any time - and the (legitimately) tough regulatory position on data protection - that would be a concern to all.
Now there are of course some options available at this stage to address this exposure:
- If you are an Azure customer, Extended Security Updates will be available for free in Azure for 2008 and 2008 R2 versions of SQL Server and Windows Server to help secure your workloads for three more years after the end of support deadline.
- If you run on-premise installations, you will be able to purchase Extended Security Updates for three more years as long as you have Software Assurance or Subscription licenses under an Enterprise Agreement enrollment.
So if it's free for Azure customers, what does it cost if I'm not? ...
75 percent of the full license cost of the latest version of SQL Server or Windows Server, purchased annually to cover only the servers that require the updates.
Ouch.
But wait, there's more. If you happen to run any IBM software under Windows Server, and you also run those servers in a virtualised environment, you need to be aware of an often overlooked limitation under IBM's sub-capacity rules. And that relates to 'Eligible Technologies'.
A quick glance through the regularly updated table by our ILMT development friends could come as a bit of a shock if you happen to still be running Windows Server 2003 - it's no longer an eligible technology - take a look at the snippet below under VMware:
You can view the entire list here.
And if it's 'not eligible', what does that mean? Basically that you'll need to revert to manual counting for that environment, and for which IBM provides a particularly onerous method and template as an Excel workbook downloadable here.
So taking the Windows Server 2003 omission as an example it's fair to expect that we'll see Windows Server 2008 drop off in equally quick time. Not only then is there a compelling cost imperative due to Extended Support, but an equally expensive overhead with IBM sub-capacity tracking and reporting as well (remember - you need to generate your sub-cap domain usage quarterly).
Time to act!
Microsoft have an advisory page here that is worth checking which also provides links to their end of support resource center for further advice and assistance. And if you're looking for a better tool than perhaps a spreadsheet for you IBM sub-cap reporting we have just the ticket with our ComplianceWare application - we recommend you check it out here!
 |  |
The BSA, in collaboration with IDC, release their latest global study:
Software Management: Security Imperative, Business Opportunity.
This revealing June'18 study set out to quantify the volume and value of unlicensed software installed on personal computers across more than 110 national and regional economies, finding that although there has been a global two-point drop in unlicensed software installation rates during the last two years, an astonishing 37 percent of software installed on personal computers is still unlicensed.
Of the six regions encompassed by the study, Asia-Pacific was one of four in which the majority of software deployed on personal computers was unlicensed, representing the largest commercial value globally:
And while the rates across both Australia and New Zealand have shown a decline over recent years there is clearly still room for improvement:
Compelling numbers - sure, but how does unlicensed software translate to an imperative to me and my organisation?
The answer can be summed up succinctly in just two words - Savings and Security.
savings.
IDC estimates that when companies take pragmatic steps to improve their software management they not only boost their bottom line by as much as 11 percent, but can also achieve as much as 30 percent savings in annual software costs by implementing a robust SAM and software license optimisation program.
They also calculated that by improving the software compliance rate by just 20 percent (for example, lowering an unlicensed software rate from 24 percent to 19 percent), an enterprise with annual revenue of $83 million (the average in the survey) could increase profits by an astounding 11 percent. This, along with other benefits stated by CIO's below, represent compelling reasons to adopt a strong SAM practice in any organisation, irrespective of size:
SECURITY.
In addition to the potential savings, the study highlights that organisations need to consider the security risks of running unlicensed software, in particular the heightened one-in-three chance of encountering malware, with the associated costs potentially more than $10,000 per infected computer, and a combined cost to companies worldwide of nearly $359 billion a year.
While the primary concern relating to malware was the theft of data (46 percent), there were also significant concerns with other key exposures of:
- unauthorised network access (40 percent)
- responding to potential ransomware (30 percent)
- system outages and downtime (28 percent), and
- the time and cost of disinfecting the network (25 percent).
Clearly, minimising malware exposure by avoiding unlicensed use is critical but, even when a company is using licensed software, the study reiterates that having an adequate SAM system in place is still essential.
The study concludes with the very relevant and often over-looked point that robust SAM also helps companies accelerate the transformational benefits they can achieve by migrating to the cloud by providing the foundational steps necessary to make a smooth transition - think how can I leverage the value of current software assets without knowing what those assets are?
A timely reminder (and prompt) for those with responsibility across their organisations commercial software. If you're unsure where to start just get in touch with us here, and if you're lacking the tools necessary to manage your IT landscape take a look at the most cost effective SAM tool on the market - ComplianceWare - here (where you can also request a demonstration login to try it out for yourself as well).
If you are an IBM zSeries customer running a zEC13, zEC12 or zBC12 server (although actual mobile workload may be running on any zEnterprise machine including z196 and z114) utilizing z/OS Mobile Workload Pricing (MWP) eligible products - CICS, IMS, MQ, DB2 and WebSphere – did you know you could potentially reduce your z/OS peak MSUs attributable to mobile workloads by up to 60%?
Sounds interesting right, so how might you go about implementing it?
Sounds interesting right, so how might you go about implementing it?
Firstly, lets look at the technical fundamentals:
Ok then, how does this actually translate to benefits?
Per the diagram below, with the Mobile Records identified, the resultant usage data is submitted into the MWRT and up to 60% of the designated capacity is then deducted from the overall LPAR values (Refer steps 1-3):
- You’ll need to be able to tag and track mobile transactions, and there are different architecture options for doing so:
- Option 1 - Route requests to mobile specific regions ; or
- Option 2 – use the same regions and filter mobile transactions based on a tagging mechanism.
- You’ll also need the MWRT (Mobile Workload Reporting Tool) which replaces SCRT and will subtract mobile CPU seconds from peaks.
Ok then, how does this actually translate to benefits?
Per the diagram below, with the Mobile Records identified, the resultant usage data is submitted into the MWRT and up to 60% of the designated capacity is then deducted from the overall LPAR values (Refer steps 1-3):
Sounds good, but how would each option actually work and on what basis do I choose one over the other?
Option 1 - Use individual regions for mobile-only workloads:
- Relies on implementing a routing mechanism such that all mobile requests go to a distinct set of processing resources (CICS or IMS regions for example) and then simply measure the CPU consumed by those regions.
- Region CPU can be measured using SMF 72 (RMF Workload Activity) or SMF 30 (Address Space Activity)
- This has the advantage that transaction-level monitoring is not required – in this example, it does not need CICS SMF 110 records. It also means that all of the CPU used by the region is captured.
- Relies on a ‘mobile tag’ being sent with the request so that transaction-level monitoring can filter the transactions and accumulate CPU only for the mobile transactions.
- Reflects most system setups today e.g a CICSplex (set of CICS regions) processing requests from different channels.
To supplement either you’ll also need a tool to analyse the transaction level data. There are a number of tools (IBM and non-IBM) on the market today, such as generic tools like TAW and TDS which are capable of processing records from multiple products, or if your MWP comprises a limited product set (e.g just CICS DB2) then a product based tool such as CICS PA would suffice.
And finally, you’ll need a Contract Supplement (don't forget the Supplement!) agreed with IBM outlining how the mobile CPU for each of the MWP programs will be calculated, which would be something similar to the below :
If you’re not ready to go down the MWP path yet you might still want to consider what could be done now in preparation, eg.
- tag and track mobile workloads (you cannot assess what you cannot measure);
- and if you can, simplify the process of quantifying CPU utilisation by isolating mobile workloads to their own processing region.
Happy saving!
As the chatter of audits increases around the industry
the range of reaction can be outright fear to mild anxiety,
but ... sometimes - enthusiasm!
the range of reaction can be outright fear to mild anxiety,
but ... sometimes - enthusiasm!
What I hear you say - Enthusiasm??
Well yes surprisingly - for those organisations who run a well informed and skilled software / licensing function - it offers the prospect of evaluating just how effective their investment in processes and tools has been, and make any adjustments as/if necessary. Similarly, it provides an opportunity for objective feedback to management in a discipline that is otherwise difficult to gauge - just think - how can you quantify ROI without having a relative measure to report against?
Well yes surprisingly - for those organisations who run a well informed and skilled software / licensing function - it offers the prospect of evaluating just how effective their investment in processes and tools has been, and make any adjustments as/if necessary. Similarly, it provides an opportunity for objective feedback to management in a discipline that is otherwise difficult to gauge - just think - how can you quantify ROI without having a relative measure to report against?
The contrary position - where organisations have no certainty at all of their compliance state - is not a great place to be and certainly does warrant some anxiety. Not only is there the likelihood of remediation (at $$?? cost), but when you don't have a position what can you actually contest? There's no doubt that the 'arms-length' engagement of external auditors allows just that much more vendor independence to put more onus on you the customer - the audit will deliver a straight deployment report, leaving it to you to clarify what might be chargeable, and what might not.
Examples .... development software that might be free, supporting products under one suite that might be dispersed across servers, or even bundles - permitted, but unless qualified by you will still be listed as chargeable installs.
So it's worth considering just where you are on the compliance scale.
Ask yourself these three key questions:
- Do you have dedicated resources overseeing your software assets?
- Do you have a current, accurate and accessible record of your entitlements?
- Do you have the necessary software discovery and inventory tools to keep track of your deployments?
If you do - great! - check that the processes are running as expected and you can take any impending audit on without that gut-wrenching fear and anxiety.
If you're lacking on any front though some attention is warranted. Start with ownership - who will be responsible and held accountable for your software assets? Then, how will you keep a current and complete record across it all?
You'll no doubt arrive at the conclusion you'll need tools to help do it all efficiently and effectively, so the question becomes - which tool is right for you? What features and functions do I really need? What price do I then want to pay for it?
The very questions that led us to develop ComplianceWare - our full featured, cloud-based product designed to meet the needs of organisations who don't want those top-end highly integration reliant, distended suites offered by some more well known global providers. ComplianceWare offers just those essential functions in an easy to use web-based application such as software discovery and deployment reporting, customisation via configurations and conventions, and of course a contracts and license repository.
And by delivering just the essentials we can offer a price to match - that is, the most cost effective solution you will find in the market. Try it as a one-off managed service (perhaps even using that audit data you've just been asked to provide) and evaluate on your own estate, or as a term license have access when and as you need it. Take a look at the Documentation or request a Demonstration to find out more, and then we're always here to help you out as needed!
It happens all too often - the assumption that a 'standard' licensing metric carries its 'standard' definition - only to find out (generally through an audit) that no, thats not the case.
A classic example - the FTE metric. Simple right? Full Time Equivalent, standard 38 hours per week, calculated across the hours worked for the period by the organisation. Well as it turns out from some recent examples, perhaps not.
A classic example - the FTE metric. Simple right? Full Time Equivalent, standard 38 hours per week, calculated across the hours worked for the period by the organisation. Well as it turns out from some recent examples, perhaps not.
Consider firstly, what constitutes the organisation? Does it extend to other entities in your company structure, ie. affiliates, joint ventures, perhaps franchisees? How that is interpreted could have a massive impact to the size of your FTE pool that needs to be measured. And if theres an automatic inclusion clause in the contract then as soon as an acquisition occurs you're liable even though they'll probably neither be intending to use the system or be operationally integrated for some time (remember that little innocuous checkbox in your Microsoft Enterprise Agreement?).
And then what actually comprises 'hours worked'?
Now surely thats straight-forward? Well as it turns out - No.
It might just be that your vendor considers it to be all hours that are recorded in your system - annual leave, sick leave, even maternity and long-service leave. Or how about time spent volunteering, ie. time not even associated with your business - yes, that can be included too, to the extent that we have seen external influences captured under the definition as well, such as records related to CentreLink payments or involvement with the Defence Forces.
So don't just assume that basic metric is what you expect it to be. Go through the contract definitions - and if its not there make sure it gets added, and as always it needs to be clear, complete, and unambiguous. If unsure, check some scenarios with your vendor and if its warranted have those included in the documentation as well.
It can save you a lot of angst at a later time
How might it affect performance and licensing?
As the full implications emerge with the design of Intel's (and potentially others) x64 processor (see more at the Register here) we await with interest a response from software vendors as to how the corresponding issue of licensing will be answered and resolved.
Given patches are now being released (eg. AWS EC2 5th January, Azure the 10th January) the resultant performance impacts will become the subject of intense scrutiny. Why? well if, as reported, processing power diminishes anywhere from 5 to 30 percent how will customers be compensated?
Processor and Core based software has been dutifully acquired on the basis of the underlying performance of the chipsets on which the products are run (consider IBM's PVUs, Microsofts Core minimums etc). Now though, if that proves to be erroneous, surely a remedy must be made available to the customer who has paid for a defined - and benchmarked - level of processing power?
Take the scenario whereby a customers current 2,000 PVUs can no longer deliver the required throughput and needs a further 500 PVUs in order to deliver the same capability - you would be right to expect no additional charges to apply given there is no improvement in performance surely? And what about needing more hardware just to achieve the current level of demand, or a Cloud vendor purchasing an array of new servers in order to provision more vCPUs for their PaaS / SaaS customers just to meet the same CPU cycles ?
That all costs money, so ... Who Pays??
Which then presents an intriguing conundrum for the chip makers and the software vendors. Presumably there will be a vast re-benchmarking exercise (and consider chipsets produced in the last 10 years are potentially affected) the question then being, what is to be done on the basis of the results? Compensation? Free License Grants? Reduced Annual Maintenance fees??
So we expectantly await vendor responses once the focus on getting fixes out shifts to the underlying and associated commercial dilemma confronting the industry. What can you do in the meantime? Firstly, make sure you have current performance metrics that you can measure any degradation against, and then pose these questions to your vendor Account Manager, your Sales Rep, your Software Specialist - ask how any performance issues you experience might be remediated in the immediate term, and request an open and regular communication channel to stay informed as it all progresses ...
We firmly believe - if the projected performance impacts do transpire - this issue will prove to be one of the most perplexing problems to emerge in the IT industry in many years.
Watch this space for further updates as more unfolds.
While these three little snippets might not seem particularly sensational they are worth noting precisely for that reason - they are likely lurking in the background, ready to cost you money when you least need it!
| 1. IBM License Management Tool (ILMT) |  |
OK, so we all know that under the IBM sub-capacity rules we must produce a report from ILMT every quarter right? And we know that we must sign and date that record, and keep them all as an artefact that may be required during any audit too, right?
All good, then the tip:
All good, then the tip:
Make sure you have configured ILMT correctly and fully for VM Management.
What's so important about VM Management in ILMT? If not properly configured it will default to 120 PVUs per core, so you could be over-reporting without being aware. How can you tell if its configured? Firstly, it shows a status on the Dashboard, and secondly, if not configured servers will be displayed with a serial-like number beginning with 'TLM_VM' or similar.
If you need more information on how to configure just look here.
| 2. Microsoft Subscription Licensing. |  |
Microsoft in many ways have led the industry in a shift to SaaS offerings backed by subscription based licensing. While this may appear to have a favourable ROI initially, there are other Time-Value commercial components to consider.
Firstly, you need to be aware that your licensing is now not only visible but manageable real-time by Microsoft. So from a commercial perspective there is now no locked-in pricing for the typical 3 year term of an Enterprise Agreement, instead you will see price increases built-in year on year in your CPS. And more so, there is no 'True-Up' benefit whereby you would pay essentially half the cost in the year in which you deployed the product - you now 'reserve' the additional licenses you need to be drawn down, and you start paying from that month onwards.
The tip?
The tip?
Make sure you consider TVM with subscription changes in your ROI / Cost Comparisons.
And the last tip for 2017 ... a favourite topic here at Software Compliance ... processor to core conversion.
| 3. No 'unpacking' of Core Licenses So a quick tally of the number of core licenses across your Windows Server fleet divided by 16 gives you your number of 16 Pack licenses required right? |  |
Wrong! ... A license pack is applied to a server, so where you have say a 12 Core server you need to assign 6 x 2 Core packs - you can't assign 12 from your 16 Core pack, and then apply the other 4 elsewhere. A nasty - and potentially expensive error - if not properly considered in determining your conversion.
And so ends 2017 ... we look forward to a busy and productive 2018 for us all!
Gone are the more simplistic days of Microsoft Per Processor licensing when there was a basic assignment of a single license to a processor, unlimited use and access, all available across multiple editions of software. Indeed, Microsoft were touting per processor as a major point of difference looking back to even SQL Server 2008, going as far as to claim ‘thought leadership’ when it came to competitor licensing models aligned to multicore processors.
From 2016 though (and noting the GA of SQL Server 2017 from October 2017), following their conformance and gradual demise of the processor metric, there are now primarily three Per Core licensing models:
So let’s take a look at 2 more common server products afflicted by this change, SQL Server under (1) and Windows Server under (2) – and if you are intending to use Self-Hosting or SPLA rights note that there are further considerations not covered here, the context of this blog contained to licensing acquired under Microsoft’s Volume Licensing offerings (refer: Microsoft Commercial Licensing)
From 2016 though (and noting the GA of SQL Server 2017 from October 2017), following their conformance and gradual demise of the processor metric, there are now primarily three Per Core licensing models:
- The Per Core model used by SQL Server and BizTalk Server;
- The Per Core/CAL licensing model used by Windows Server (Standard and Datacenter edition) following the release of Windows Server 2016;
- The Management Servers (core-based) licensing model used by System Center (Standard and Datacenter edition) following the release of System Center 2016.
So let’s take a look at 2 more common server products afflicted by this change, SQL Server under (1) and Windows Server under (2) – and if you are intending to use Self-Hosting or SPLA rights note that there are further considerations not covered here, the context of this blog contained to licensing acquired under Microsoft’s Volume Licensing offerings (refer: Microsoft Commercial Licensing)
SQL Server 2016
With SQL Server 2016 Per Core licensing, each server running software or any of its components (such as Reporting Services or Integration Services) must be assigned an appropriate number of SQL Server 2016 core licenses. The number of core licenses needed depends on whether you are licensing the physical server or individual virtual operating system environments (OSEs), across either edition.
With SQL Server 2016 Per Core licensing, each server running software or any of its components (such as Reporting Services or Integration Services) must be assigned an appropriate number of SQL Server 2016 core licenses. The number of core licenses needed depends on whether you are licensing the physical server or individual virtual operating system environments (OSEs), across either edition.
Unlike the Server+CAL licensing model, the Per Core model allows access for an unlimited number of users or devices to connect from either inside or outside an organisation’s firewall. With the Per Core model, you do not need to purchase client access licenses (CALs) to access the SQL Server software.
When running SQL Server in a physical OSE, all physical cores on the server must be licensed, noting software partitioning does not reduce the number of core licenses required except when licensing individual virtual machines (VMs). A minimum of four core licenses are required for each physical processor on the server, with the use of hyper-threading not affecting the number of core licenses required when running in a physical OSE, only those licensed under individual virtual machines (which are still subject to the four core minimum).
So with the basics understood you’ll then want to familiarise with what you gain with the addition of a Software Assurance subscription…
Key SQL Server SA Benefits
- License Mobility: If you are deploying to a server farm with technology such as VMware’s vMotion you’ll need SA for license mobility, now extended to cloud providers that are Microsoft Authorised Mobility Partners;
- Unlimited VMs: don’t be mistaken by the ‘Enterprise’ license denotation – without SA you can only run up a maximum number of VMs (with unlimited vCores) equal to the number of core licenses assigned to the server, and without SA that means having to buy more licenses should you exceed the maximum;
- Failover Rights: A secondary server used for failover support does not need to be separately licensed for SQL Server as long as it is passive (ie. not serving data, such as reports to clients running active SQL Server workloads, nor performing any “work”, such as additional backups being made from secondary servers) and the primary SQL Server is covered with active SA, noting the licenses must cover the higher number of associated server cores in the HA coupling.
And be cautious – the components of a SQL Server license cannot be separated. While management tools and other software identified as additional or supplemental software such as product documentation, client connectivity tools, software add-ins, and Software Development Kits (SDKs) can generally be distributed and run on any number of devices for use with a licensed instance of SQL Server software, other licensed components such as the SQL Server Database Engine (DB), SQL Server Services for Windows, Master Data Services (MDS), Analysis Services (AS), Integration Services (IS), Reporting Services (RS), and Data Quality Services (DQS) will require licensing if deployed to other servers. You can find more details of the components at: SQL Server Software Components
And for Non-Production: Effective April 1, 2016, SQL Server Developer Edition became a free product, available for download from the Microsoft Dev Essentials program as a potential alternative to the likes of a Visual Studio subscription. SQL Server 2016 Developer Edition is a fully featured version of SQL Server software—including all of the features and capabilities of Enterprise Edition--licensed for development, test, and demonstration purposes only.
Windows Server 2016
For both Standard and Datacenter editions, the number of core licenses required equals the number of physical cores on the licensed server, subject to a minimum of 8 core licenses per physical processor and a minimum of 16 core licenses per server (sold in 2-Core and 16-Core packs).
For both Standard and Datacenter editions, the number of core licenses required equals the number of physical cores on the licensed server, subject to a minimum of 8 core licenses per physical processor and a minimum of 16 core licenses per server (sold in 2-Core and 16-Core packs).
Which means being very careful when you tally your overall requirement – make sure you account for the 16-Core per server minimum across any single CPU servers you might have in your inventory where you might otherwise under-allocate (where <16).
And the differences in the editions?
- Standard: When all cores on the server are licensed (subject to the minimums), you can deploy two OSEs or two Hyper-V containers and unlimited Windows Server containers.
- Datacenter: When all cores on the server are licensed (subject to the minimums) you can deploy unlimited OSEs, Hyper-V containers, and Windows Server containers.
(and if you're looking for a definition of containers, look no further - go here)
So, To Finish …
Bear in mind that in both cases you will still need to account for the CAL requirements if necessary (and remember to count all direct and indirect users/devices, ie. no multiplexing), typically via the likes of a Core CAL Suite or equivalent, which as an example provides the following licenses:
Noting that the likes of SQL Server CALs and Dynamics/CRM CALs must be acquired separately.
- Windows Server CAL
- SharePoint Server Standard CAL
- Exchange Server Standard CAL
- System Center Configuration Manager Client Management License
- System Center Endpoint Protection Client Management License
- Skype for Business Server Standard CAL
Noting that the likes of SQL Server CALs and Dynamics/CRM CALs must be acquired separately.
Microsoft have provided a very helpful Licensing Brief across Core Licensing that I would also recommend reading for more information.
IBM first introduced sub-capacity licensing in 2005 in response to the production of the x86 dual core chipset on the premise that licensing could shift to each core on a chip, not just the chipset itself. Clearly this has merit given today's much more complex, virtualised technology platforms with chips containing up to 18 cores - the enduring problem though for customers: understanding the sub-capacity rules and staying compliant.
So lets take a look at one of the most common IBM sub-capacity metrics - the Processor Value Unit or PVU for middleware. Firstly, lets be clear on IBM's terminology relevant to this discussion:
So lets take a look at one of the most common IBM sub-capacity metrics - the Processor Value Unit or PVU for middleware. Firstly, lets be clear on IBM's terminology relevant to this discussion:
Core - A functional unit within a computing device that interprets and executes software instructions.
Chip – electronic circuitry, containing but not limited to at least one core, on a silicon wafer.
Socket – the mount that secures a chip to a motherboard.
Processor – There remains disagreement in the computer industry over the definition of a processor. IBM defines a processor as the core. For example, a dual-core chip has two processor cores on it.
Chip – electronic circuitry, containing but not limited to at least one core, on a silicon wafer.
Socket – the mount that secures a chip to a motherboard.
Processor – There remains disagreement in the computer industry over the definition of a processor. IBM defines a processor as the core. For example, a dual-core chip has two processor cores on it.
As an IBM customer there are certain prerequisites to employing sub-capacity licensing under your Passport Advantage (PA) Agreement:
So with that all ticked off (and make sure they are - you will need these artefacts in the event of any audit), what are the basics in determining the number of licenseable PVUs?
If counting physical cores you count Activated Processor Cores, which are processor cores that are available for use in the server (ie. don't count if deactivated).
The illustration below provides an example of the counting rules applied in an x86 environment where the Virtualisation Capacity equates to the number of licenseable cores:
- Use Eligible Sub-capacity Products;
- Use Eligible Virtualization Technologies;
- Use Eligible Processor Technologies; and
- Use the IBM License Metric Tool (ILMT) and maintain report documentation − Tivoli Asset Discovery for Distributed (TADd) or IBM BixFix Inventor in lieu of IMLT
So with that all ticked off (and make sure they are - you will need these artefacts in the event of any audit), what are the basics in determining the number of licenseable PVUs?
- The required number of PVUs depends upon the type of processor and the total number of processor cores available to the product;
- You can license the at the physical layer, ie. physical cores on the server (full-capacity) or the highest number of PVUs available to the VM on which the product is installed (sub-capacity);
- Where no virtualisation technology is employed sub-capacity = full-capacity; and
- Where the sub-capacity core count for an installed product is higher than the physical core count, sub-capacity = full-capacity (ie. take the lower of the vCPU's or the physical cores available to the product.
If counting physical cores you count Activated Processor Cores, which are processor cores that are available for use in the server (ie. don't count if deactivated).
The illustration below provides an example of the counting rules applied in an x86 environment where the Virtualisation Capacity equates to the number of licenseable cores:
So with the number of cores established, how do we determine the applicable PVU count?
IBM assigns a PVU per processor core rating to each processor technology collated in the PVU Table published on their website - and note just how much has changed when you compare to the original table from 2006 below (!)
IBM assigns a PVU per processor core rating to each processor technology collated in the PVU Table published on their website - and note just how much has changed when you compare to the original table from 2006 below (!)
You'll need the requisite system access in order to interrogate your systems to determine the relevant processor model - refer to IBM's helpful Guide if you need more information on how to do this (or, let our ComplianceWare tool do it all for you!)
Its then a matter of extrapolating the PVU counts by cores across your product installations, and tracking on a regular basis to be sure you account for the inevitable changes in your environment that alter those figures (again, easily done through system compares of our ComplianceWare output).
IBM has published a list of FAQ that should assist you through any other queries you might have, or ... comment here and we'll be happy to help!
Its then a matter of extrapolating the PVU counts by cores across your product installations, and tracking on a regular basis to be sure you account for the inevitable changes in your environment that alter those figures (again, easily done through system compares of our ComplianceWare output).
IBM has published a list of FAQ that should assist you through any other queries you might have, or ... comment here and we'll be happy to help!
Having just launched our ComplianceWare tool as a web-based application the various components of the solution stack serve as a prime example of the depth of licensing complexity and ancillary terms given the number of platforms utilised in the web-central (or cloud) model as is prevalent these days.
In the case of ComplianceWare, we decided to utilise an Opensource stack of products that, rather than requiring the likes of source disclosure (eg. GNU licences), are subject only to the typical copy-left inclusion of acknowledgements (eg. BSD-3). This, coupled with a SQL back-end issued under a similarly liberal PostgreSQL (MIT-like) license allowed us to construct an industry-grade solution entirely within the Opensource domain.
When it comes to deployment though there are of course provider terms, and that's when it can pay to look around. With a scaled application like ComplianceWare many providers have a tiered model to suit start-ups like ourselves in particular. And you don't necessarily need to limit yourself to a single platform. As an example, to keep our data local we use S3 storage from the AWS Sydney hub, while the web application actually runs out of US based data centres. And across all, you only pay for what you use - from fee-free to pay-by the-hour.
So if you are looking to implement a similar scalable solution, consider the stack approach - the benefits are essentially two-fold - firstly, the terms imposed by providers are generally minimal, and secondly, you gain broad access to low-cost hosting - all still to a robust industry standard.
And if you'd like to see all this in action just ask for a login to our ComplianceWare demo site by sending an email to us at demo@swcompliance.com.au!
In the case of ComplianceWare, we decided to utilise an Opensource stack of products that, rather than requiring the likes of source disclosure (eg. GNU licences), are subject only to the typical copy-left inclusion of acknowledgements (eg. BSD-3). This, coupled with a SQL back-end issued under a similarly liberal PostgreSQL (MIT-like) license allowed us to construct an industry-grade solution entirely within the Opensource domain.
When it comes to deployment though there are of course provider terms, and that's when it can pay to look around. With a scaled application like ComplianceWare many providers have a tiered model to suit start-ups like ourselves in particular. And you don't necessarily need to limit yourself to a single platform. As an example, to keep our data local we use S3 storage from the AWS Sydney hub, while the web application actually runs out of US based data centres. And across all, you only pay for what you use - from fee-free to pay-by the-hour.
So if you are looking to implement a similar scalable solution, consider the stack approach - the benefits are essentially two-fold - firstly, the terms imposed by providers are generally minimal, and secondly, you gain broad access to low-cost hosting - all still to a robust industry standard.
And if you'd like to see all this in action just ask for a login to our ComplianceWare demo site by sending an email to us at demo@swcompliance.com.au!
It's there in the agreement, you can bet on it. Indirect Access. Whether it's disguised as 'qualified users, or 'devices', or perhaps 'multiplexing', it's prohibited. And that means you need to be sure that the access you're providing to your licensed systems is correct and compliant.
The simple way to think about it is that if it's related to a proprietary system, or sourced from a proprietary system, any access must be properly authorised. And that means properly licensed. So whether it's via an API, an interface, or extracts, you need to ensure that you're compliant with the terms of your agreement - to not be can prove very problematic, and potentially very costly.
Take the recent finding (Feb 2017) in favour of SAP UK over DIAGEO Great Britain which you can view at http://www.bailii.org/ew/cases/EWHC/TCC/2017/189.html in a remarkably readable form for a crown judgement. The core of the matter was the "Named User" metric by which DIAGEO licensed its SAP installation, and the development and use of functionality within Salesforce (known as Gen2 or Connect) that enabled DIAGEO customers and distributors to places orders, check stock availability and prices, see invoices and select delivery. Through various interfaces back to SAP, Connect provided the necessary data, lists, and workflow to those end customers and distributors 24x7 negating the need for a call centre to receive and process requests. Despite DIAGEO asserting that the use of Connect by customers was essentially no different to when they contacted and were processed through the call centre, the judge saw otherwise and ruled that such access constituted use of the SAP system.
The implications are yet to be seen, however in summary the damages were considered by the judge as below:
The simple way to think about it is that if it's related to a proprietary system, or sourced from a proprietary system, any access must be properly authorised. And that means properly licensed. So whether it's via an API, an interface, or extracts, you need to ensure that you're compliant with the terms of your agreement - to not be can prove very problematic, and potentially very costly.
Take the recent finding (Feb 2017) in favour of SAP UK over DIAGEO Great Britain which you can view at http://www.bailii.org/ew/cases/EWHC/TCC/2017/189.html in a remarkably readable form for a crown judgement. The core of the matter was the "Named User" metric by which DIAGEO licensed its SAP installation, and the development and use of functionality within Salesforce (known as Gen2 or Connect) that enabled DIAGEO customers and distributors to places orders, check stock availability and prices, see invoices and select delivery. Through various interfaces back to SAP, Connect provided the necessary data, lists, and workflow to those end customers and distributors 24x7 negating the need for a call centre to receive and process requests. Despite DIAGEO asserting that the use of Connect by customers was essentially no different to when they contacted and were processed through the call centre, the judge saw otherwise and ruled that such access constituted use of the SAP system.
The implications are yet to be seen, however in summary the damages were considered by the judge as below:
"In summary, usage by Gen2 sales representatives is not authorised usage under the Agreement. SAP is entitled to additional licence and maintenance fees, the level of such fees to be assessed in the quantum phase of the trial, if not agreed, by reference to the nature and extent of the usage and SAP's price list."
So, should we be concerned? Absolutely. If you're unsure of the your license grants or metrics, the terms of your agreements, or the compliance of any periphery/accessing systems, you need to take stock and run a full assessment exercise across your domain.
To be unaware is to be in danger.
To be unaware is to be in danger.