Software Asset

Management

Agenda
What is SAM?
Benefits of SAM
New types of SAM engagements

Mihaela MIHAI
EPG SAM Manager

SAM

Q&A

What Is Software Asset Management (SAM)?

SAM is a global industry standard
ISO/IEC 19770-1
Endorsed by Microsoft and many others

ITIL best practice guide on SAM

All of the infrastructure and processes necessary for the effective
management, control, and protection of the software assets
within an organization, throughout all stages of their lifecycle.

SAM is an integral part of the control framework for

any well-run organization
Following SAM best practices results in better information for
decision making and a higher degree of operational excellence;
ultimately driving long-term business value.

SAM Can Help Companies

Control

Optimize

Grow

Regain control of
systems

Save money

Better market
position

Reduce technology conflicts

and increase stability

Manage legal liability

Help protect and secure IT

infrastructure

Improve back-up and recovery

plans

Consolidate license purchase

points

Better budget predictability

Improve negotiating position

Improve system, user, and help

desk performance

IT best practices that drive

business value

Insight into company assets

Optimize efficiencies

Increase standardization

SAM Program Value Adds

Engagement
Approach

Focus on enabling long term capability and

best practice adoption

Promote and deliver resources, tools,

knowledge, and training

Work through partners to deliver better

business intelligence and analytics

SAM Baseline Review

Inventory deployed software

Match installations with licenses

Microsoft

...build a detailed report on your current state

SAM Baseline Review

Collect information and review
policies and procedures

Identify improvement opportunities

The Path Forward

How well are software

assets managed today?

Where do
improvement
opportunities
exist?

What adjustments
need to be made.

Cloud-ready Engagement
Todays technology trends are sparking opportunity

70% of CIOs will embrace a cloud-first strategy in 2016.

Moving data and business processes to the cloud offers several advantages over a traditional enterprise IT
environment. Transform your datacenter while reducing cost, complexity, and non-compliance risks.

A cloud strategy should address cost reduction, increased agility, and improved scalability

A Cloud-ready SAM engagement is a crucial

first readiness step.
Understanding the current environment and future roadmap is critical to
determining the right path. You first need to know what software you already
have rights to, starting with a comprehensive application inventory.
Based upon this, you can:

Develop your adoption strategy

Identify required characteristics of remaining applications

Prioritize and identify candidates for the cloud

Adopting SAM principles eases the application inventory process, identifying

license and usage patterns.

SAM
supports
cloud
readiness

Process discipline helps reduce corporate risk

Ease of purchasing and deploying cloud services can lead
organizations to unanticipated results:
Over-provisioning can occur when
users receive services they dont
want or need.
Under-licensing can occur when
services are added or consumed
but not accounted for in a
centralized way.
A mix of on-premises and cloud
solutions can cause confusion; not
all on-premises solutions have
cloud options available.

SAM best practices can facilitate cloud adoption by providing

the systems, processes, and management structure so
organizations can make the right strategic decisions to
achieve their long-term cloud goals.

Best
practices for
cloud
readiness

Fully define your goals. Organize around long-term organizational

objectives.
Build internal alignment. Management, IT, Procurement, and other
stakeholders all play a part in creating an environment for
success.

Avoid surprises. Increase awareness of all impacts of cloud

adoption, including changes to licensing and budgeting.
Take control. Ensure needed processes are in place internally.

SAM for SQL Workloads Engagement

The datacenter is the hub of everything you offer your business.
With software asset management, or SAM, you can gain the insights into your SQL environment you need to:
Align SQL Workloads to better meet future needs.
Transform your datacenter while reducing cost, complexity, and non-compliance risks.

Modern SQL environments can be very complex.

A SQL Workloads engagement can help an organization:

Identify underutilized SQL Servers.

Optimize workloads to avoid unnecessary costs.
Gain clarity about their IT environment.
Align IT, procurement, management, and other activities around
organizational goals.
Create the necessary processes for improved governance.
Reduce risks associated with non-compliance.
Develop a solid foundation for future evolution of the IT environment, based upon
a clear understanding of the existing infrastructure.

Use SAM to
help optimize
SQL Workloads

Adopt best practices to optimize SQL workloads:

Limit the number of CPUs

and cores for increased cost
savings.

Consolidate workload
instances and databases
onto fewer servers to
reduce licensing costs.

Isolate production vs.

development environments.

Consider moving to
dedicated Host Clusters
licensed via Enterprise for
unlimited virtualization.

Strengthen policies,
increase standardization
and gain insight into
company assets while
improving internal licensing
communication.

Establish a solid foundation

for achieving future
organizational objectives
based upon a clear
understanding of your SQL
environment.

Virtualization SAM Engagement

Customers are looking to invest in server, desktop, or application virtualization to:

Reduce costs
Improve business continuity
Increase business agility

The simplicity of adding and accessing virtual servers and desktops can lead
organizations to unanticipated results:

Over-provisioning can lead to under-utilized virtual machines and significant license responsibility.
User device connectivity to virtual machines and applications can create additional license complexities.
Licensing of virtual environments can be more complex than physical environments.

Benefits of a Virtualization SAM Engagement

Increase the business value virtualization can provide based on an

analysis of your current virtual environment.
Helps you to strategically plan for virtualization implementation.
Provide increased security through further server consolidation.
Maintain control of existing virtualization environments.
Implement policies around virtualization management.

A Virtualization SAM Engagement provides customers with a strategic virtualization

strategy by assessing existing virtual environments and identifying opportunities to
optimize virtualization.

Virtualization SAM Engagement

ROI Analysis: Consider how virtualization can impact your bottom line.

Hardware
Expense

Energy
Consumption

Disaster
Recovery

IT
Resourcing

Speed of
Provisioning

Software
Installations

Business
Agility

Facilities
Use

Recommended
policies and
procedures for
virtualization

Configuration planning
should be completed prior to
deploying virtual servers to
support controlled
provisioning.

A SAM manager or auditor

should be assigned to
oversee the configuration
planning process.

Company policy should

address the use of bring your
own devices (BYOD) and
remote access.

Corporate log in credentials

should be employed to
access the virtual desktop or
applications.

The IT department should

maintain an inventory of all
VMs regardless of if they are
active or archived.

Establish a solid foundation

for achieving future
organizational objectives
based upon a clear
understanding of your Virtual
environments.

Non-production Environments SAM Engagement

Modern non-production environments: characterized by change.
It can be difficult for an organization to:

Understand how non-production systems are deployed, developed and tested upon, decommissioned,
and rebuilt
Get a clear picture of the organizations software footprint
Understand the licensing subscriptions available
Understand who needs to be licensed

Benefits of a Non-production Environments

SAM Engagement:
Gain a better understanding of how developer tool licensing works

Receive value from your licensing investments

Reduce costs through operational efficiencies
Incorporate standardization across management of company assets
Improve internal licensing communication
Establish a solid foundation for achieving future organizational objectives

Non-production environments SAM engagement

Report on
key findings
and
guidance

We will review with you:

Non-production vs. production: Discuss differentiators between non-

production and production environments and updates to product use rights (PUR).

Common licensing mistakes: Review common over-licensing and underlicensing mistakes.

Licensing options: Walk through challenges of managing licensing and licensing

options available.

Best Practices: Review best practices for navigating the non-production

environments, managing software licensing subscriptions and consolidation of nonproduction environments.

Policies and Guidelines: Based on our findings we will have a good

understanding of how we can help your organization create policies for managing
your non-production environments going forward.

Under-licensing mistakes that are commonly made

Buy Cheap, Use Expensive

Customer uses higher product edition(s) than they

purchased and fails to order/True Up

Buy Few, Use Many

Customer uses more products than they purchased and fails

to order/True Up

Expired MSDN

Customer without active MSDN subscription uses latest version

of product

Unlicensed Outsourcing

Customer uses outsourced development workforce internally

and neither party pays to license those users

MPN Benefit Misuse

MPN partner uses MPN licensing to provide software development

services and/or exceeds MPN benefit entitlement cap

Incorrectly Licensed
Non-production

Customer uses MSDN software on Development/Test servers without

licensing all users reaching those environments

Over-licensing mistakes that are commonly made

Buy Expensive, Use Cheap

Customer purchases Premium and/or Ultimate editions but

Administrator fails to assign and users cannot access

Buy Many, Use Few

Customer uses fewer products than they purchased and

fails to deploy or renew down, renews unused software

Wasted MSDN

Customer with an active MSDN subscription does not take advantage

of new version, Office production* and Azure use rights

Overlicensed Outsourcing

Customer uses outsourced development workforce internally and

both parties pay to license those users due to miscommunication

Wasted MPN Benefit

MPN partner qualifies for MSDN benefits but does not take
advantage of them

Overlicensed
Non-production

Customer purchases or renews more MSDN subscriptions than are

needed in order to license all users reaching those environments

Cybersecurity SAM Engagement

You cant protect what you dont know.
A Cybersecurity SAM Engagement provides a view of what software is deployed to identify areas of potential
risk and high-level guidance on cybersecurity programs and policies to help enable good IT software asset
management.

Benefits of a Cybersecurity SAM Engagement

Establish a solid foundation for securely managing software assets that promotes
good cybersecurity preventative practices in a holistic, integrated way.

Become better prepared in order to build a resilient, adaptive IT infrastructure that

can respond to threats.
Support an effective defense against attacks through added policies
and controls.
Decrease costs from data loss, fraud from theft, loss in revenue, labor, support,
employee downtime, cost to locate and reinstall lost data, customer support, and
negative impact to reputation.

Deployment
Considerations
for a Secure IT
environment

Frequently install security updates for all software. This is the

simplest, and perhaps most effective, way to protect an organization

Keep anti-virus software active and up-to-date. Run frequent

security scans.

Whenever possible, use the newest versions of applications.

They typically have much stronger security features.

Manage Active Directory roles and access. Validate the

configuration management of applications to ensure there are no security gaps.

Monitor what software and devices employees bring into

the workplace and the network environment. A successful BYOD
program needs to take into account data security risks.

Carefully manage the supply chain. Understand threats that can be

introduced in procurement, configuration, exception management, and disposal.

Genuine
Software

Pirated software puts computers

and data at risk.
Only devices with genuine Microsoft software get important software
updates needed to operate reliably and protect from malware often found
in counterfeit software.

Tips for safer shopping

Make sure you are getting what you paid for. Buy from a reseller
you trust.
Use a secure payment method.
Beware of Product Keys sold separately.

The best way to get everything you expect up front is

to buy genuine Microsoft software preinstalled on a
new PC or from an authorized reseller.

Topics covered
by SAM Policies
and Processes

Managing vulnerabilities
through proper patch
management

Establishing protocols to
secure devices

Addressing change
management

Aligning Active Directory

to the current threat
environment

Creating and managing

an authorized software
media library

Instituting proper
permission management

Training Employees,
vendors, and others
accessing organizational
resources

Example policy: Laptops, workstations, and servers

must be configured so that they will not auto-run
content from removable media, like USB tokens (i.e.,
"thumb drives"), USB hard drives, CDs/DVDs, FireWire
devices, external serial advanced technology
attachment devices, and mounted network shares.

Mobile Device Management SAM Engagement

Mobility is the new normal.
Change is being driven by the proliferation of consumer devices, the flexibility provided by the cloud, an
explosion of data, and a natural shift as people adapt to an always-connected world.
While there are many benefits, there are also concerns for both user-supplied and company-owned
mobile devices. Top concerns are security and licensing optimization.
Use a Mobile Device Management SAM Engagement to:

Leverage mobility to increase your competitive advantage

Increase productivity and security while controlling costs

Be informed: know who is using what and how

Tailor your mobility strategy to securely meet your organizational needs

Align licensing to actual usage

Become empowered to make the right decisions for the organization with
an accurate picture of mobile device use.

Deployment
Considerations

Selecting the right management platform now includes

looking at how well it matches your mobile device
management needs and objectives for the organization.

Licensing Considerations
User

Device

Location

Is the user covered by the

Microsoft Core Client Access
License (CAL) Suite or the
Microsoft Enterprise CAL Suite
on a per-user basis?

Is the device covered by the Core

CAL Suite or Enterprise CAL Suite
on a per-device basis?

Will the user access the software

on the corporate premises (onsite)?

Is the user the single primary

user* of the device?

Is the device running a qualified

Microsoft operating system?
Is the device a qualified device
or a qualified third-party device?

Will the user access the software

remotely from outside of the
corporate premises (off-site)?

Can the organization easily

identify the primary user of the
device?

Is the device accessing a virtual

desktop infrastructure (VDI)?
Is the device owned by the
employee or the organization?

Topics covered
by SAM Policies
and Processes

How much control do

you want to maintain
over user-owned
devices?

What data and apps can

users access?

How effective is your

security awareness
training?

What constitutes
acceptable use of
corporate IT resources
on user-owned mobile
devices?

How are devices

authenticated?

What are the minimum

security controls that are
required?

Can you identify the

employees, vendors, and
others accessing
organizational
resources?

Example policy: The IT department reserves the

right to approve accessibility or refuse
connectivity for any personal devices that do not
meet security and software requirements as
defined by corporate policy.

Benefits of a strong SAM process

PCs / Users
Servers / CALs

A strong SAM process helps control all

licensing across the hardware life cycle

Devices

Complex IT environments and licensing

options drive risk of license mismanagement

Take Inventory: Find out what you already have.

Get Organized: organize all your software licenses and
documentation.

Create Policies & Procedures: Establish standards and

guidelines for all phases of the hardware and software lifecycles

Maintain your SAM Plan: Keep your plan current through

regular spot checks, inventories, and employee training.

Next Steps and Q&A

Software Asset Management.

Implementare si recomandari ulterioare

Planul de proiect

Operating System Name and Version

Installation count

Percentage

Microsoft Windows 7 Ultimate

Microsoft Windows 7 Enterprise
Microsoft Windows XP Professional
Microsoft Windows 7 Professional
Microsoft Windows 7 Home Edition
Microsoft Windows 2000 Professional
Microsoft Windows Vista Business
Microsoft Windows 8.1 Professional

2
16
133
42
2
114
32
2

1%
5%
39%
12%
1%
33%
9%
1%

Total

343

100%

Instalari Windows vs achizitii

140
133

120

114

100

114
95

80
60
40

42

42
32

20

16

32

0
Installation count

Invoices

Microsoft Windows 7 Ultimate

Microsoft Windows 7 Enterprise

Microsoft Windows XP Professional

Microsoft Windows 7 Professional

Microsoft Windows 7 Home Edition

Microsoft Windows 2000 Professional

Microsoft Windows Vista Business

Microsoft Windows 8.1 Professional

Client computer readiness for Windows 8

1%

Ready for Windows 8

49%

50%

Not Ready for Windows 8

Insufficient Data

Recommended Hardware Upgrade

To Minimum

Increase System RAM

114

Increase Hard Disk Free Space

24

Upgrade Graphics Card

33

Solutii de securitate
Instalari solutii de securitate

9%

7%
34%

4%

System Center Endpoint Protection

Kaspersky Enpoint Security
Microsoft Security Essentials
AVG Antivirus
Avast Antivirus

46%

Realizarea unei baze de date cu toate informatiile descoperite in cadrul procesului de SAM si actualizarea datelor din acest
centralizator ori de cate ori sunt realizate modificari

Responsabilizare utilizatori

Active Directory

Implementarea unui sistem unitar de codificare a tuturor PC-urilor in retea, de exemplu:

Locatie-Departament Initiala Prenume&Nume
Implementare Microsoft Active Directory pentru toate PC-urile si inlocuirea licentelor de tip
Home cu versiuni Professional pentru integrarea tuturor statiilor in Microsoft Active
Directory

Management centralizat al politicilor de securitate implementate;

Reducerea costurilor de exploatare prin folosirea noilor facilitati de administrare si de optimizare a traficului de
retea;
Automatizarea setarilor de securitate;
Securizarea implicita a noilor servere ce vor fi integrate in infrastructura informatica;
Administrarea utilizatorilor si resurselor se face de la o singura consola;
Controlul strict si monitorizarea accesului la resurse;
Definirea unor politici globale pentru utilizatori si pentru statiile de lucru;
Restrictionarea utilizatorilor;
Single sign-on pentru utilizatori;
Prevenirea modificarilor configuratiei desktop de catre utilizatori.

Implementarea unei solutii pentru managementul unitar al statiilor de

lucru in retea System Center Configuration Manager

Management centralizat al politicilor de securitate implementate;

Distribuirea aplicatiilor si sistemelor de operare;
Software Update Management. WSUS integrat;
Inventar software si hardware cu istoric;
Evidenta frecventei folosirii aplicatiilor;
Raportare detaliata;
Upgrade usor pentru sistemele existente si instalarea de la zero pentru noile sisteme;
Suport pentru diferite tipuri de client (desktop, notebook, server, mobile);
Descoperirea sistemelor vulnerabile si non-compliante cu politicile organizatiei.

 Poate fi instalat pe 5 device-uri ale aceluiasi utilizator;

Drept de downgrade inclus pana la orice versiune;
O singura cheie si un singur kit pentru toate licentele achizitionate;

Licenta poate fi transferata catre noi utilizatori;

Dovezi licentiere: contract, confirmare comanda si factura de achizitie.

 Windows Server Standard

2012 permite instalarea a 2
licente Windows Server in
mediul virtual
2 licente Windows Server
2012 achizitionate 4 licente
in mediul virtual.

Cheie de activare unica;

Nu exista COA;

Contract nominal;
Costuri apropiate de cele
OEM.

Licentierea SQL per core va

permite accesul la server a
unui numar nelimitat de
utilizatori, fara a mai fi
necesara achizitionarea Client
Access License pentru fiecare
user/ device
Migrarea aplicatiei in Azure

Pasii urmatori
- Actualizare portal Software Asset Management si incarcarea documentatiei
aferente. Definirea unui responsabil din partea companiei pentru update regulat;
- Solutii licentiere pentru produsele instalate fara dovezile de achizitie;
- Suport implementare procese agreate.