Following the first two parts in this series about the journey into SAM I want to talk a little more about the fact that you are only “as good as your information”. This means that when you want to have a reliable or effective SAM practice you first need to get the basic information fully reliable. And just gathering basic reliable information is one of the toughest jobs there is in SAM. So let’s see this step as getting your tickets and preparing your luggage.
Imagine that you want to know everything there is to know about the usage of your software and I really mean the nitty-gritty details. You’ll need to know everything about your infrastructure, your users, your connections or connectors and about the access policy for each software title. To be able to refine the details even more you need some more information, but let’s keep it as it is for now as it is a journey and we learn along the ride.
Looking at your infrastructure you’ll need to know everything about the hardware to be able to define usage for non-user based licenses. You’ll need to know if this hardware is virtualized and what method is used for that, on which server is the VM hosted or is it moving around freely and can it be provisioned on the fly to the users’ needs or not. Is it attached to a SAN or other storage solutions. What type of database is it that you use? How many items are in this database or how big is it in size? Is the Database in the same country or abroad, and if so is that legally allowed? To put it simply, you’ll need a lot of information on your infrastructure. And most of the time it’s available from management applications or a CMDB and often you see that some managers have a kind of bookkeeping of their own in spreadsheets or other applications. What you actually need, first of all, is a clever and reliable discovery or inventory tool. Once you have the right tool selected ( I could talk days about such a selection and which is the best tool for the purpose) and implemented in your environment you’ll get tons of data about your environment. (on average 1300-1800 different items per pc ). Make sure your ready four that!
The next step would be to compare this data against other sources of information you have and see if you’re missing something (maybe you missed a ‘secret development’ domain or subdomain). you can compare the discovery outcome against your CMDB, your own spreadsheets, your purchasing data, antivirus listings, network diagrams and what more. Then you’ll get several collections of data and when you stack the information you’ll see details that are definitely true as they’re existing in all of them. When you have some data that’s only existing in two collections, you might need some more research and if it’s existing in only one, you definitely need research. Although we see that if the collection of data has been built by a discovery tool, there’s rarely reason to have doubts. Also some software publishers require that you use – specifically their own – tooling to discover the usage to enable you to use different license models. You need to find out if your publishers need you to do that (IBM is well-known for that).
If you want to look at users there’s most times a larger amount of collections available in various levels of reliability, like AD, HR, Security, Network, etc. etc.. Again when you put these collections together you should see a sub-collection that exists in all of them and thus to be considered reliable. The other ones need some research for truth, alternations and whatever you can think of.
So in a way I substantiate here the fact that IT&SAM is a metaprocess and touches virtually all of your organization’s processes. And eventually not only IT&SAM data gets more reliable also other processes benefit from these actions, for instance purchasing, contract management and ITSM !
The work on the above mentioned information sources needs to be done on all relevant information sources. And gradually as you want to be able to gain more insight in usage, utilization or necessity (?) of certain software sources might be added to your information stack. Always be aware that you verify the reliability of each source before you start using it as a information source for your reporting.
It’s even more important that when you’re finished improving your information sources, you also put a plan together to do verify the reliability of each source periodically. Make sure that every information source is part of a process and when you audit these properly every once in a while you’ll see that not only SAM’s effectiveness will grow, but also other –pure business – processes profit from these actions.
I’m not trying to make this sound like a job you can do overnight. I’m just trying to convince you that the foundation of SAM must be firm, effective, reliable and complete to be able to start cashing your cost savings, avoid costly audits and protect your reputation.
If you’re going to use a SAM tool or an ITSM/ITAM/SAM tool this is the only way to make you happy with the results. And if you were told that such a tool could solve this problem for you, please think twice. If you think this way and you’ll buy a tool for that special purpose you will be disappointed and blame the tool (and the investment you made). Some of the tools can hint you in the direction where your problems are with your information sources, though none will solve it all automatically.
So now you’ve bought your tickets -based on reliable travel information and best price possible- and you’re all packed and ready for the next step of the journey. We’re ready to board!
At In2SAM we’ve fought these “information battles” very often and came out victorious. We know what strategies work and which don’t. Don’t hesitate to contact me or my colleagues at In2SAM if you need some help in the right direction.