Championing the professional management of software
and protecting members rights

In 2006 the International Organisation for Standards passed a standard for Software Asset Management processes ISO19770-1 (dash one). The release of that standard was the product of a great deal of effort initially by Investors in Software (IiS – now merged with the Federation Against software Theft) and the various working groups over a period of 12 months.

Whether or not the release of dash one was a success could be measured through several different approaches. If the success was measured by the number of copies of the standard sold it would undoubtedly be positively appraised, if however certification against the standard is considered key then the zero pass status of the standard would invert the appraisal based on sales.

The reality of dash one was heavy prescription of documentation, many organisations have taken a programmatic view of the content and ‘picked the eyes’ out of it and establish which elements could be practically implemented and drive software asset management benefits.

On Friday October 23rd ISO passed 19770-2 ‘dash two’ a standard which applies to vendors rather than end user organisations and sets mechanisms through which software vendors should ‘tag’ their products to enable identification, recognition and therefore management.

Significant in the development of dash two has been the extended period of development and technical focus by the working group (WG-21) and participation by vendors in the course of it’s development – thereby securing mindshare and at least conceptual buy-in from a number of key members of the software vendor community.

The objective of dash two has been to create software ID tags that provide authoritative identifying information for installed software or other licensable item (such as fonts, or copyrighted papers).
Software vendors / manufacturers / publishers will use the stipulations of dash two to enable their software to be accurately identified. Dash two provides much more than just software identification however, by allowing attributes (27) to be added software identification process including:

• Who distributed the software
• Who may have re-packaged the software
• The individual or unit which authorised the installation
• Mechanism through which the software was purchased

Whilst dash one was drafted by IiS, dash two was initially developed by a committee of the International Business Software Managers Association (IBSMA). Since then WG21 and an other working group (OWG). In the final stages of dash two ratification a non profit organisation call TagVault.org was formed to enable certification of tags and the registration authority therefore.

The organization will act as the registration authority for ISO/IEC 19770-2 software identification tags (SWID Tags) and will provide tools and services allowing all SAM eco-system members to take advantage of SWID tags faster, with a lower cost and with more industry compatibility than would otherwise be possible.

So, we have a new standard – what will the benefits be?

A standardised software tag will enable automated identification of inventoried applications. Minimising administration required by end user organisations and making the task of discovery and licence management tools less onerous.
In reality benefits will be largely long term, however flow through will commence immediately in small percentages as vendors commence applying the stipulations of the standard. A handful of tagged software products will be present in many environments in the coming months, a very small percentage considering the thousands of applications present in many environments.

The number of tagged applications in any given environment should grow towards saturation over a five year period with significant increase as many organisations renew applications in association with implementation of Windows 7.

In the immediate term CA, Symantec, Adobe and Microsoft are moving forward with Adobe having treated dash two as a de-facto standard in advance of it’s ratification, commencing with Acrobat 9 and CS4.

Adobe’s tags enable organisations to identify an installation of Acrobat 9 Pro for instance as:

• A stand alone product
• A trial version
• Part of a Create Suite package – which would be named as either Design Premium, Design Standard, Web Premium or Master Collection

In addition:

• Software applications will be tagged as non-prod where distributed as a test or development version.
• A SWID only file can be created for access based products (CALs for instance) and distributed to all devices which access the relevant server application

Does the ratification of dash two mean that software licence management tool vendors who’ve invested heavily in their own recognition capabilities have wasted that investment? Not at all, the investment made largely by the focused vendors will keep them in front in terms of functional delivery to customers now and a reduced cost of their sale in the future.

Whilst the level of excitement associated with dash two ratification will be muted, simplified recognition will flow through to customers and service delivery organisations in the medium term. Resource requirements will inevitably be reduced to an extent, however robust process will remain the key to successfully managing software costs and compliance.

What remains to be seen is how effectively the dash two standard will enable organisations to deal reporting of cores, value units and the chosen methodology of licensing complex datacenter software titles.

Stephen White
Technology Leader Software
Computacenter (UK) Ltd
Services & Solutions
www.computacenter.com/software