by: Jeff Jones, Flexera Software
Having worked with 100’s of corporations over the last few years, I have noticed something interesting about the software asset management (SAM) space, and specifically the SAM Maturity Model. While much has been written about the SAM Maturity model, I have noticed an interesting trend: vendors, corporations and analysts either discuss “SAM Basics” – usually Inventory and Tracking, or they discuss the “Pot of Gold” at the “end-of-the-rainbow”: Dynamic SAM and/or “Optimisation”.
It is this second area I find most interesting, because this tends to be where you get to the nexus of business value and software. But what I find interesting is almost every software asset management vendor, and every corporate consumer trying to get there, really discuss this level in different terms. There are papers on “Optimising Business Processes” and “Optimising Infrastructure”. And there are long, consultative “Best Practice” approaches to combining SAM, ITIL, ISO 19770-1, and custom methodologies to “Optimise”.
But interestingly enough, not many focus on optimising software usage, as it relates to licensing, and the monetisation of the value of your Application assets. And shouldn’t that be one of the most important factors? Isn’t the use of software applications the only true way to start to measure business value of software? And if you aren’t measuring business value, how can you “optimise” it? The Operations Management and Interfaces category of ISO 19770-1 touches on this, but doesn’t map this back to license entitlements and cost in enough detail to help optimise the software mixture.
Then combine this with the fact that most of the software asset management literature, when it does discuss “Application Usage”, focuses on Desktop software only. Not much focuses on high cost and high value software applications. Things like SAP or Oracle; or very expensive niche applications like Cadence, Synopsis, MATLAB or AutoCAD; or more difficult licensing models like concurrent users or custom corporate-specific metrics. From what I have seen, these typically make up 75% or more of the typical software budget, depending on the industry.
To really complete the software asset management optimisation stage, it seems that we as SAM professionals need to add more detail on Application Usage Management and Enterprise License Optimisation into the process. We at Flexera Software have been doing this for a long time with our customers, but see a need to extend the current SAM Maturity Model and other standards to include the Best Practices around monetisation of business value of application software.

In 2006 the International Organisation for Standards passed a standard for Software Asset Management processes ISO19770-1 (dash one). The release of that standard was the product of a great deal of effort initially by Investors in Software (IiS – now merged with the Federation Against software Theft) and the various working groups over a period of 12 months.

Whether or not the release of dash one was a success could be measured through several different approaches. If the success was measured by the number of copies of the standard sold it would undoubtedly be positively appraised, if however certification against the standard is considered key then the zero pass status of the standard would invert the appraisal based on sales.

The reality of dash one was heavy prescription of documentation, many organisations have taken a programmatic view of the content and ‘picked the eyes’ out of it and establish which elements could be practically implemented and drive software asset management benefits.

On Friday October 23rd ISO passed 19770-2 ‘dash two’ a standard which applies to vendors rather than end user organisations and sets mechanisms through which software vendors should ‘tag’ their products to enable identification, recognition and therefore management.

Significant in the development of dash two has been the extended period of development and technical focus by the working group (WG-21) and participation by vendors in the course of it’s development – thereby securing mindshare and at least conceptual buy-in from a number of key members of the software vendor community.

The objective of dash two has been to create software ID tags that provide authoritative identifying information for installed software or other licensable item (such as fonts, or copyrighted papers).
Software vendors / manufacturers / publishers will use the stipulations of dash two to enable their software to be accurately identified. Dash two provides much more than just software identification however, by allowing attributes (27) to be added software identification process including:

• Who distributed the software
• Who may have re-packaged the software
• The individual or unit which authorised the installation
• Mechanism through which the software was purchased

Whilst dash one was drafted by IiS, dash two was initially developed by a committee of the International Business Software Managers Association (IBSMA). Since then WG21 and an other working group (OWG). In the final stages of dash two ratification a non profit organisation call TagVault.org was formed to enable certification of tags and the registration authority therefore.

The organization will act as the registration authority for ISO/IEC 19770-2 software identification tags (SWID Tags) and will provide tools and services allowing all SAM eco-system members to take advantage of SWID tags faster, with a lower cost and with more industry compatibility than would otherwise be possible.

So, we have a new standard – what will the benefits be?

A standardised software tag will enable automated identification of inventoried applications. Minimising administration required by end user organisations and making the task of discovery and licence management tools less onerous.
In reality benefits will be largely long term, however flow through will commence immediately in small percentages as vendors commence applying the stipulations of the standard. A handful of tagged software products will be present in many environments in the coming months, a very small percentage considering the thousands of applications present in many environments.

The number of tagged applications in any given environment should grow towards saturation over a five year period with significant increase as many organisations renew applications in association with implementation of Windows 7.

In the immediate term CA, Symantec, Adobe and Microsoft are moving forward with Adobe having treated dash two as a de-facto standard in advance of it’s ratification, commencing with Acrobat 9 and CS4.

Adobe’s tags enable organisations to identify an installation of Acrobat 9 Pro for instance as:

• A stand alone product
• A trial version
• Part of a Create Suite package – which would be named as either Design Premium, Design Standard, Web Premium or Master Collection

In addition:

• Software applications will be tagged as non-prod where distributed as a test or development version.
• A SWID only file can be created for access based products (CALs for instance) and distributed to all devices which access the relevant server application

Does the ratification of dash two mean that software licence management tool vendors who’ve invested heavily in their own recognition capabilities have wasted that investment? Not at all, the investment made largely by the focused vendors will keep them in front in terms of functional delivery to customers now and a reduced cost of their sale in the future.

Whilst the level of excitement associated with dash two ratification will be muted, simplified recognition will flow through to customers and service delivery organisations in the medium term. Resource requirements will inevitably be reduced to an extent, however robust process will remain the key to successfully managing software costs and compliance.

What remains to be seen is how effectively the dash two standard will enable organisations to deal reporting of cores, value units and the chosen methodology of licensing complex datacenter software titles.

Stephen White
Technology Leader Software
Computacenter (UK) Ltd
Services & Solutions
www.computacenter.com/software