So you have just purchased the vendors discovery tool or perhaps one of the leading software repository tools. Understandably you breath a sigh of relief because that imminent vendor audit is apparently receding into the distance.
In spite of the expectation, the installation of these tooling platforms without full management plan often results in an increased risk of audit and higher vendor payments.
Customers often falsely believe installation of the vendor discovery tool will insulate for all possible over deployment issues. The facts are that the current crop of discovery tools detect only a few of the available license metrics.
These metrics are often the easily monitored cpu and virtual cpu performance criteria. While lack of attention to these metrics has proven highly lucrative in past years, suppliers are well aware that customers are more likely to pay attention to these metrics so they target installed software that is unlikely to be monitorable by these tools.
Software metrics are many and varied. Terms such as named or concurrent user usage are generally well understood but metrics that require access to log data, company revenue data or disaster recovery status are shrouded in mystery.
Accordingly installing a discovery tool simply focuses the auditing firm on the my likely areas that will result in a positive ROI. If you have prepared your cpu based report for your vendor its often the case that the auditor won’t even read it. The engagement may begin far more innocently by asking for access to certain obtuse log file data. Be wary of the provision of this data before examining what it tracks and the associated licensing terms. More often than not the auditor has obtained prior data that some type of user or resource cap is present but not enforced by the software. Often that cap is very obtusely documented.
Provision of the log data without a baseline audit often results in a large overdeployment bill were negotiation with the vendor is limited. The purchase of a discovery tool is often the trigger for vendor scrutiny rather than the company’s savior.
Software repository tools often cause further and larger underemployment invoices. The tools themselves are seldom to blame but rather their lack of universal deployment.
When a vendor knows that there is no universal installation or retirement policy and that non vendor certified discovery tooling is deployed – the customer becomes a high ROI target.
Rather than using the discovery reports the audit firm will use its own independent discovery tooling. This often discovers licenses that have been “retired” in the repository but are still monitorable by the tools. This in turn results in extra licensing and for many vendors back payment of maintenance for up to two years.
In summary, discovery and repository tools are vital parts of a pro active SAM strategy but the partial deployment made by most customers magnifies the audit risk rather than decreasing it.
Purchasing a tool without a full deployment, retirement and reporting license management plan is not a wise strategy.