‘Practical implementation of Software Asset

Management (SAM)’
 Agenda

• An understanding of the principles of

SAM
• How does SAM fit into Service
Management
• Assessing the starting point in your
company.
• How to move forward
 License Management

The ability to manage licenses and to ensure that each product is compliant with
vendor licensing terms and conditions.
– Installed software
– Deployment type (Citrix, virtual, roaming profile)
– Client access / user licences
– Computing platform configurations
– Metering
– Contractual / but no cost (i.e. freeware)
 Example – How Many Licences needed

• Visio is licenced per seat

• 1000 PCs in total
• 500 of the PCs have terminal services client installed
• 3 approved Visio users (via terminal services)
• Only one user has actually used Visio

Answers
1 = 1 licence
2 = 3 licences
3 = 500 licences
4= 1000 licences
Asset Lifecycle

Request
Approve
Procure
Goods in
Pay

Release

Deploy

In-use

Incident

Problem

Retire
 License Management

Relationship and Contract

Request
Approve Change
Procure
Goods in
Pay
CMDB
SW Asset Control
(Libraries)
SW Asset Inventory

Release
SW SW
Deploy

A B
In Use
Incident
Problem
A = Recognition tables B = Upgrade /downgrade

Retire Asset record verification

License Compliance
 Asset tracking – hardware

Relationship and Contract

Request
Development

Approve
Procure
Goods in
Pay
CMDB
SW Asset Control
(Libraries)
SW Asset Inventory
Change

Release
SW HW HW SW
Deploy

In Use
Incident
Problem

Retire Asset record verification

 So what is SAM?

SAM is the effective management, control and protection of software assets within an
organisation and the effective management, control and protection of information about
related assets which are needed in order to manage software assets.

It is not just License management!

You may be forced to do SAM for :

• Risk management
• Brand image (Vendor audits )
• Penalties / fines
• Cost savings and avoidance
• Efficient contracts /
• Efficient software use (re-harvesting)
• Use of outsource partners
• Gaps in process and control have been made visible
• Internal / external audits, excess costs
• Loss of data or assets
 SAM – ISO/IEC19770-1:2006
Lifecycle Core SAM processes Organisational processes

Lifecycle process interfaces Operations management Control environment

Relationship and contract Corporate
Governance
Service level
Roles and
Security Financial responsibilities
Development

Acquisition

Inventory management Competence

Asset Identification Processes and
policies
SW asset control
SW asset inventory (libraries)
Change

Planning and
Release Implementation
SW HW HW SW
Deploy Planning
In-use Verification and compliance Implementation
Incident Asset record verification
Monitor and Review
Problem License compliance
Compliance verification Continual
Retire improvement
Conformance verification
 SAM and ITIL Processes

Lifecycle process interfaces Operations management Control environment

Relationship and contract
Supplier management Corporate
Governance
Service level
Service level
fulfilment

Roles and
Securitysecurity
Information financial
Financial responsibilities
Development

Acquisition

Inventory management Competence

Request

Assetand
Service asset Identification
configuration management Processes and
(SACM) policies
SW asset control
SW asset (libraries)
Change

inventory
Releaseand
Release Service Strategy Service
deployment
Deploy Design
SAM plan
Service Transition
In-use Verification and compliance Implementation
Incident
Incident
CMS
Asset record verification
Monitor and
Problem
Problem License compliance Review
Compliance verification Continual service
Continual
improvement
Retire improvement
Conformance verification

Acknowledgement ISO/IEC and ITIL

 SAM and Service Management

Why not combine SAM processes within our ITIL service management processes?

• Avoids duplication of workload

• Reduces duplication of data
• Change processes can be streamlined
 ITIL V3 Lifecycle and SAM
Service Transition
• Change Management
• Service Asset and Configuration Mgt.
Service Design
• Release and Deployment
• Service Catalogue Management
• Knowledge Management
• Information Security Management
Example
Example
• Vendor agreements
• The Solution
• The end of the project
• The initiation of the project
• Selection of suppliers
• Procurement costs
Service Operation
• Request Fulfilment

Example
• Asset lifecycle
Service Strategy • Procurements
• Service Strategy

Example
• Cloud Continual Service Improvement
• Sourcing • On going improvement
• Outsourcing
• Virtual Applications.

12
 Typical Inefficient SAM Processes

Acquisition
No links with service
Request
management
Non- Standard • No stock check
Approval • Approvals go straight to purchasing
Agreement • SAM manager makes all decisions
to purchase • Strategy is not considered
• Media gets lost
Purchasing • Deployment process not integrated
DSL • Wrong packages used for deployment
SW Goods in • Imbedded software not authorised
HW • Manual compliance process
Deployment • All SW uses the same process
payment
Under • poor software payment authorisation
Licensed • DSL (DML) likely to be uncontrolled

Contract
SW HW HW SW management
Deployed Software Procurement data

Manual process

License Position (Compliance)

 SAM Within Service Management

Request Fulfilment Service Strategy

and Design
Automated and
Request Procurement
integrated
catalogue
Approvals

Stock check • Service mgmt integration

• Process tailored to software
Purchasing Service • Controlled approvals
introduction • Stock check
DSL Non- Standard
Goods in • Responsibilities organised
SW HW • Deployment via AD group
Over/
Deployment • Links to packages
under Payment • Imbedded SW licensed
• Compliance based on SKU
Usage • Controlled payments
CMS • Usage management
Contract
SW HW HW SW management
Deployed assets Procurement data Contract

Knowledge management -automated

Usage
License Position (Compliance)
 The First Step - Assessment

Few understand SAM, the changes involved and resources required, so risk of failure is high.

- Identify available data, accuracy and gaps

- Highlight process gaps which impact beyond SAM
- Identify benefits / links to operational activities

Using a maturity model to communicate the current position and issues is good practice
 Maturity Model (SOM) - KPIs
Basic Standardized Rationalised Dynamic ITIL Integrated
1 2 3 4 5
Assets are basically Assets are controlled Assets are actively Asset management Asset management
uncontrolled with manual controlled but not fully automated and integrated with ITIL
processes fully centralised centralised

No policies Limited policies Published policies Enforced policies Integrated policies

No SAM owners or Senior execs informal Senior exec responsive Senior exec highly Senior exec
accountability involved accountable
Some electronic Various electronic
No electronic records records formats Single electronic SAM integrated with
available format Config. MGMT
Low coverage and Partial centralised
No technology inaccurate technology technology Technology has full Technology fully
coverage and is integrated
trusted

Source: Microsoft
 Example maturity results
Organization HW Outsourced Organization Small company
5 5
Retirement 4 SAM Plan Retirement 4 SAM Plan
3 3
2 2
Deployment Inventory Deployment Inventory
1 1
0 0

Acquisition Inventory % Acquisition Inventory %

Operations Licenses Operations Licenses

Compliance Compliance

Organization Blue chip Organization Small company

5 5
Retirement 4 SAM Plan Retirement 4 SAM Plan
3 3
2 2
Deployment Inventory Deployment Inventory
1 1
0 0

Acquisition Inventory % Acquisition Inventory %

Operations Licenses Operations Licenses

Compliance Compliance
 Typical company - SAM journey
2015 2016 2017 2018 2019

1 2 3 4 5
Basic Standardised Rationalised Dynamic Integrated
Uncontrolled Manual Not centralised Automated Shared processes
Centralised with ITIL V3
Expense Department Operational Corporate Valued service

SAM initiatives SAM plan Measured SAM plan Integration

• Centralised procurement • Centralised data • KPIs, SLAs • People
• Processes improved • Documented processes • User satisfaction • Processes
• Variety of records • Defined roles • Process efficiency • ITSM /SAM technology
• Compliance mitigation • Discovery technology • SAM technology

40% 20% 10% 5% ?%

Potential Under Licensing (RISK)
 SAM Side Effects

• Know where every computing device is

• Understand its hardware / software configuration
• Can reduce the cost and time of changes
– Provisioning, transformation, projects
• Re-use hardware and software assets
• Raise commercial awareness within IT teams
• Easier negotiations with vendors and auditors
 Moving Forward

SAM relies on information management

• Hardware assets and build
• Software installed
• Deployment methods
• Licences and commercial contracts
• Roles and responsibilities
• Work flow processes
Plus you have other factors!
Culture, legacy, organisational barriers
 Collecting Information
Typical lifecycle with Improved lifecycle using service management (and
inconsistent records and workflow) with consistent record collection
poor workflow
Service Compliance
Lifecycle Lifecycle Libraries
Management reports
catalogue

Request Ticket
Request

approval Update with application User CI

approval Change
manage
procure ment Start asset CI Asset CI
procure

Goods in Add ser. No.

Goods in request
fulfillment
New Stock Status = stock
New Stock
Status = deployed
Deploy
Deploy Act. Dir.

Compliance
Verification
Compliance

In use Incident Status = defective

manage Reports
In use
logs ment Status = in progress
Reports
repair
repair
Old stock Change Status = old stock
manage
Old stock ment
retire Status = retired

retire ?
discovery

discovery
 Processes and Technology Map
Item Status
Which processes or technology are you missing? Software catalogue ?

Self service

Request Contracts Procurement Y

(self
service) Hardware estate ?
Development

DSL
Approve Contracts Y

Procure Licence data ?

Asset Identification
Goods in DSL N
SW asset control
Pay SW asset inventory (libraries) Discovery data N
Change

CMS Incident/problem
Release
SW HW HW SW Change/configuration Y
Deploy
Release
In-use
Verification N
Incident Asset record verification
Compliance recognition ?
Problem License compliance Compliance - up/down
grades
Retire Workflow

Deployment methods ?
Acknowledgement ISO/IEC
 Processes and Technology Map

What does a particular toolset do?

Request Contracts
(self
service)
Development

DSL
Approve
Procure
Asset Identification
Goods in
SW asset control
Pay SW asset inventory (libraries)
Change

Release
CMS
SW HW HW SW
Deploy
Recognition Upgrade/downgrade
In-use
Incident Asset record verification
Problem License compliance

Retire on

Acknowledgement ISO/IEC
 Small or Large Companies

Small companies
• Single decision point
• Out of the box integrated technology

Larger companies
• Project based decisions
• Siloed teams with individual best of breed
technologies and toolsets
• Use of partners / outsourcers
 To Summarise

• SAM is continuous, not a one off

• Implementing SAM gives many benefits to projects and operations processes
• Management support is vital
• Communicate the assessment to all
• Give feedback on quick wins
• Measure progress and communicate success
• Avoid the embarrassment of corporate action