Software Asset Management or how to clean up the software
On Habré, they write a lot about the most diverse software for private and corporate use, ranging from small plug-ins and utilities to huge complexes for distributed client-server systems.
But I am always surprised by the attitude to such a thing as software in organizations. Most (ie, more than 50%) of those with whom I had to communicate in their profession (middle and senior managers) do not even know what they are doing with the software. A car park is monitored - everything is done in advance, it is monitored for real estate, it is monitored for goods and materials, it is also monitored for toilet paper, but the software is somehow not very good. Most likely this is due to the immateriality of this "phenomenon" - it is impossible to touch.
But software is also an enterprise's assets and often more valuable than other assets (compare the cost of any abstract proprietary server solution and the cost of the employee’s chair). And this asset is recommended to keep in order. The science called Software Asset Management (SAM) - Software Asset Management Technology will help us to restore this order.
')
In this article I will try to briefly describe the essence of this technology and how to apply it in myself.
Here I will make a remark in order to avoid counting my topic among the numerous topics about copyright protection and the appearance of many relevant comments, it’s not at all about how important it is to pay for software.
On May 9, 2006 the international standard ISO 19770-1 "SAM Processes" was released, which can help us in this direction.
So, we have an organization with the number of computers from 1 to infinity, absolutely any software is on computers. The organization wants to implement this technology. We will help.
Step one: Collect information.
We collect all general information that may concern software - the number of computers, servers, network structure, location of computers geographically (offices, branches), how the software selection process, purchases (if purchased), installation, configuration, use, deletion, storage, who responsible for all these processes, etc.
Those. we need to fully evaluate what is happening in the organization right now without going into small details.
The result of this stage for small companies will be a few lines of text, for large ones tens or hundreds of sheets can easily come out.
Step two: Conduct software inventory.
At this stage, we need any affordable and convenient way to collect absolutely the entire list of software available on all devices of the organization - computers, laptops, servers, PDAs, servers hosted, personal computers used in work, etc.
Everything that is installed, recorded, saved, etc. we need to find and list all devices related to the work of the organization in a single list, this applies to both normal programs and various plug-ins and even third-party fonts.
This process can be carried out in several ways or by combining them:
a) manually via the list of installed software and by inspecting the contents of hard drives (small PC park, remote offices)
b) semi-automatically - came up with a flash drive to the computer, launched any scanner we liked, saved the report in a file, went to the next computer
c) fully automatically - by installing a software package on the entire network for collecting and consolidating such information
The result of this stage should be a summary table with a list of all the software found, the number, location, etc.
Step three: Conduct an inventory of existing licenses.
If the organization at least once bought software in any form or manifestation - we need this step. We collect all the confirmations of our rights to use the software and related materials obtained during purchases - certificates, licensing agreements, boxes, recalculate stickers on cases, installation disks, serial numbers in electronic form, etc. Where to look for all this in your organization you know better than me - EVERYWHERE. Starting from the cabinet sysadmin and ending with a warehouse with old boxes of equipment.
Also at this stage we need to make copies of all documents related to software, but stored in the accounting department - supply contracts, invoices, transfer and acceptance certificates, etc.
After the collection, we need to analyze the documents found, so that we would understand exactly what they are entitled to, and what they don’t (there are often not enough experts in this field).
The result of this stage will be a summary table with a list of available software licenses and quantity.
Step Three and a Half: Matching Two Lists.
Combining the two tables in one common we look for coincidences and differences in them.
If there is a coincidence, we have licenses for this software and its use is legal.
If there is a discrepancy in the direction of the absence of a license or an extra license, then we consider each case individually.
A little remark - I know what GPL, BSD and other words sympathize with me, but at the moment if we have something like ubunt in the table of the software found, and we have nothing in the table of found licenses and documents with ubuntu there may be problems.
Here we must reduce the discrepancy of the tables to zero in one way or another.
Step Four: Development of procedures.
At this stage, we need the summary information obtained at the very beginning and the ISO-19770-1 standard will be very useful.
Here we need to develop internal documents and regulations that will govern the entire software life cycle in the organization.
Those. step-by-step instructions describing the necessary actions of responsible persons and ordinary users in specific situations. For example, what should the user do if he needed new software to work. How new software should get into the organization from the outside. How to handle it in the process - installation, use, storage, decommissioning, etc.
The number and complexity of documents depends on the size of the organization, small ones cost two or three pieces of paper on 1 page, large ones make up a non-acidic multi-volume.
ISO-19770-1 will help us in this matter by providing many templates for such procedures.
These documents will allow to maintain the order established at the previous stage constantly.
Step Five: Implementation.
It is almost impossible to apply two or three dozen documents and procedures to the well-established life of the company — we risk in general paralyzing its work.
Therefore, here we are developing a plan for the gradual adoption of documents drawn up by us to avoid a shock effect. After the latter have been accepted, it is better to repeat as much as possible from the second to the third and a half, because the implementation of all documents can take a lot of time.
PROFIT!
What is the profit for the organization of such an order? I think a reasonable person will understand everything, but I will list some:
1) Full license purity - I think it is not necessary to explain why this is good, article 146 to six years and a lot of money
2) Savings on purchased software - I saw a lot of situations when buying something that already exists, but was lost in the bins or was bought not at all what is needed.
3) Additional security of the entire IT infrastructure - at least once the users did not catch the virus along with the incomprehensible software downloaded from the Internet
4) Ability to plan software costs - due to the formalization of the acquisition process
You can come up with a dozen more not so obvious points, but we’ll stop here.
If this topic is interesting to the audience, I can disassemble each of the five steps into an additional topic, which I plan to do in principle soon.
afterword:
1) If you stuff SAM in a search engine - you can see that Microsoft is the one that Microsoft is most actively promoting, this is only because it is the leader in the software market and, accordingly, is most interested in bringing order to users (most often, it’s the lack of licenses ).
2) The ISO-19770 standard can be found here - www.iso.org/iso/catalogue_detail?csnumber=33908
unfortunately paid - 112 francs.
But I am always surprised by the attitude to such a thing as software in organizations. Most (ie, more than 50%) of those with whom I had to communicate in their profession (middle and senior managers) do not even know what they are doing with the software. A car park is monitored - everything is done in advance, it is monitored for real estate, it is monitored for goods and materials, it is also monitored for toilet paper, but the software is somehow not very good. Most likely this is due to the immateriality of this "phenomenon" - it is impossible to touch.
But software is also an enterprise's assets and often more valuable than other assets (compare the cost of any abstract proprietary server solution and the cost of the employee’s chair). And this asset is recommended to keep in order. The science called Software Asset Management (SAM) - Software Asset Management Technology will help us to restore this order.
')
In this article I will try to briefly describe the essence of this technology and how to apply it in myself.
Here I will make a remark in order to avoid counting my topic among the numerous topics about copyright protection and the appearance of many relevant comments, it’s not at all about how important it is to pay for software.
On May 9, 2006 the international standard ISO 19770-1 "SAM Processes" was released, which can help us in this direction.
So, we have an organization with the number of computers from 1 to infinity, absolutely any software is on computers. The organization wants to implement this technology. We will help.
Step one: Collect information.
We collect all general information that may concern software - the number of computers, servers, network structure, location of computers geographically (offices, branches), how the software selection process, purchases (if purchased), installation, configuration, use, deletion, storage, who responsible for all these processes, etc.
Those. we need to fully evaluate what is happening in the organization right now without going into small details.
The result of this stage for small companies will be a few lines of text, for large ones tens or hundreds of sheets can easily come out.
Step two: Conduct software inventory.
At this stage, we need any affordable and convenient way to collect absolutely the entire list of software available on all devices of the organization - computers, laptops, servers, PDAs, servers hosted, personal computers used in work, etc.
Everything that is installed, recorded, saved, etc. we need to find and list all devices related to the work of the organization in a single list, this applies to both normal programs and various plug-ins and even third-party fonts.
This process can be carried out in several ways or by combining them:
a) manually via the list of installed software and by inspecting the contents of hard drives (small PC park, remote offices)
b) semi-automatically - came up with a flash drive to the computer, launched any scanner we liked, saved the report in a file, went to the next computer
c) fully automatically - by installing a software package on the entire network for collecting and consolidating such information
The result of this stage should be a summary table with a list of all the software found, the number, location, etc.
Step three: Conduct an inventory of existing licenses.
If the organization at least once bought software in any form or manifestation - we need this step. We collect all the confirmations of our rights to use the software and related materials obtained during purchases - certificates, licensing agreements, boxes, recalculate stickers on cases, installation disks, serial numbers in electronic form, etc. Where to look for all this in your organization you know better than me - EVERYWHERE. Starting from the cabinet sysadmin and ending with a warehouse with old boxes of equipment.
Also at this stage we need to make copies of all documents related to software, but stored in the accounting department - supply contracts, invoices, transfer and acceptance certificates, etc.
After the collection, we need to analyze the documents found, so that we would understand exactly what they are entitled to, and what they don’t (there are often not enough experts in this field).
The result of this stage will be a summary table with a list of available software licenses and quantity.
Step Three and a Half: Matching Two Lists.
Combining the two tables in one common we look for coincidences and differences in them.
If there is a coincidence, we have licenses for this software and its use is legal.
If there is a discrepancy in the direction of the absence of a license or an extra license, then we consider each case individually.
A little remark - I know what GPL, BSD and other words sympathize with me, but at the moment if we have something like ubunt in the table of the software found, and we have nothing in the table of found licenses and documents with ubuntu there may be problems.
Here we must reduce the discrepancy of the tables to zero in one way or another.
Step Four: Development of procedures.
At this stage, we need the summary information obtained at the very beginning and the ISO-19770-1 standard will be very useful.
Here we need to develop internal documents and regulations that will govern the entire software life cycle in the organization.
Those. step-by-step instructions describing the necessary actions of responsible persons and ordinary users in specific situations. For example, what should the user do if he needed new software to work. How new software should get into the organization from the outside. How to handle it in the process - installation, use, storage, decommissioning, etc.
The number and complexity of documents depends on the size of the organization, small ones cost two or three pieces of paper on 1 page, large ones make up a non-acidic multi-volume.
ISO-19770-1 will help us in this matter by providing many templates for such procedures.
These documents will allow to maintain the order established at the previous stage constantly.
Step Five: Implementation.
It is almost impossible to apply two or three dozen documents and procedures to the well-established life of the company — we risk in general paralyzing its work.
Therefore, here we are developing a plan for the gradual adoption of documents drawn up by us to avoid a shock effect. After the latter have been accepted, it is better to repeat as much as possible from the second to the third and a half, because the implementation of all documents can take a lot of time.
PROFIT!
What is the profit for the organization of such an order? I think a reasonable person will understand everything, but I will list some:
1) Full license purity - I think it is not necessary to explain why this is good, article 146 to six years and a lot of money
2) Savings on purchased software - I saw a lot of situations when buying something that already exists, but was lost in the bins or was bought not at all what is needed.
3) Additional security of the entire IT infrastructure - at least once the users did not catch the virus along with the incomprehensible software downloaded from the Internet
4) Ability to plan software costs - due to the formalization of the acquisition process
You can come up with a dozen more not so obvious points, but we’ll stop here.
If this topic is interesting to the audience, I can disassemble each of the five steps into an additional topic, which I plan to do in principle soon.
afterword:
1) If you stuff SAM in a search engine - you can see that Microsoft is the one that Microsoft is most actively promoting, this is only because it is the leader in the software market and, accordingly, is most interested in bringing order to users (most often, it’s the lack of licenses ).
2) The ISO-19770 standard can be found here - www.iso.org/iso/catalogue_detail?csnumber=33908
unfortunately paid - 112 francs.
Source: https://habr.com/ru/post/97343/
All Articles