Championing the professional management of software
and protecting members rights

Andy Ellwood, iQuate
By correctly interpreting the complexity surrounding Oracle usage and licensing, iQSonar delivers accurate information relating to ALL aspects of an Oracle deployment.
This was illustrated by an engagement with a large Irish financial institution, in which iQSonar scanned Oracle on several hundred Solaris machines. One of the servers running Oracle Enterprise Edition had a single Sun UltraSPARC-T2 quad core processor. Each of the 4 cores had 8 threads. Under Oracle licensing policy this type of processor has a core factor of 1, so it requires 4 processor licenses. At current Oracle list price a one processor license for Enterprise Edition is $47,000, so the correct list price for Oracle on this server is $190,000.
The manual audit performed by the customer had stated that the server had 32 processors (as indeed did the CPU Highwater recorded in the Oracle database). Licensing for 32, rather than the required 4 license would represent a list license cost of $1.71m.
On another occasion, Oracle License Management Services were engaged with a UK Law Enforcement agency with unique security and operational requirements.
Owing to this complexity – and the size of the network (over 10,000 network devices) – various manual and agent based automated attempts to identify their Oracle deployment had not been successful. This increased the risk of non-compliance and of inefficient utilization of purchased licenses. These issues had also delayed the submission of complete audit data to Oracle by several months.
iQuate completed the audit in just five days without any network, performance or security issues. The customer now has an accurate view of their Oracle usage and was able to report their position back to Oracle LMS.
Finally, after performing a successful Oracle scan for a US based multi-national petroleum organisation across their global WAN network, iQuate was asked to use iQSonar to check some additional operational issues.
As part of their SOX-compliance guidelines, no default or “obvious” Oracle passwords were to be used across the organisation as this represented a significant security issue. iQSonar was able to quickly discover that non-compliant passwords were in use on 12% of Oracle instances.
iQSonar is the only third party tool verified by Oracle as providing accurate and definitive Oracle deployment and usage data

By Patrick Gunn
Recent research findings from FAST in the UK revealed that one software supplier audited 50% more businesses in 2009 than in the previous year. I believe this to be a reaction to the difficult economic times. Most software vendors have intensified their efforts to ensure software license compliance as a means to preserve their revenue during the downturn.
The larger the software publisher, the higher the risk of a software license audit. In fact, the result of an audit can potentially be one of the largest unbudgeted expenses for an enterprise. Unless organisations have their own optimised software asset management solution, they are pretty much at the mercy of software vendors when the auditors come knocking.
An Adobe software audit at a multi-national company is a case in point. This company was able to eliminate a large seat-count Adobe license liability worth over $3.8 million by using a next generation software asset management tool to accurately recognise installed software. The company proved to the Adobe auditors that it actually had a free Flash Player installed as opposed to the several hundred dollar Flash Professional.
When defending against an Adobe audit, pay special attention to the following:
• Inventory and asset recognition:
Collect and analyse inventory for all computers to accurately list all the installed Adobe products. You should include all versions and editions of the different products too. For example, if you have three versions of Adobe Acrobat installed, then the inventory analysis must accurately report all of these versions.
In addition, you must be able to accurately determine the versions and editions of Adobe suites installed versus the component products. This can have significant cost implications for you – Adobe suites cost less than the individual components. Not recognising the Adobe suites can therefore affect your software license liability.
• License management:
The common Adobe volume license agreement is Cumulative Licensing Program (CLP). The product use rights (PURs) for each Adobe product purchased under CLP can differ, from product to product and version to version. For example, Acrobat 6.0, 7.0 and 8.0 may all be installed on the same computer and it will only consume one license. However, this is not the case for the older versions of Acrobat, where each installation consumes a license. Hence, the importance of accurately reckoning installations and applying use rights correctly.
With an enterprise license optimisation program in place, your organisation will be ready the next time the auditors come knocking.

Gartner reports strong rise in software audits

September 11th, 2009 by Matt Fisher

According to a recent report from Gartner (”Gartner Polls & Surveys Show an Increase in Software License Audits”, 31 July 2009), more than 50 percent of organizations it talked to say they have been audited by at least one software vendor in the last 12 months. In research undertaken between February and June 2009, 56 percent of respondents said they had been audited, compared with 30-35 percent for the same study in 2008.

When filtering the results to show only EMEA-based organizations, the result is even higher, with 63 percent of respondents reporting at least one audit request.

According to a variety of sources from both the software vendor and Software Asset Management (SAM) communities, the overall rise in audits is largely not due to an increased level of activity from vendors that already had active compliance programs in place, but instead due to a number of other vendors introducing compliance programs for the first time.

While Adobe, Microsoft, Oracle and IBM were cited as the most ‘prolific’ auditors, survey respondents also reported audit requests from no fewer than 18 other software vendors, including BMC, CA, HP, SAP and Symantec.

As the report states, “On-site audits aren’t pleasant”, and Gartner strongly advises that end user organizations adopt Software Asset Management and License Management practices and technologies well in advance of any audit, so that the company is better prepared to react in a timely fashion and without causing major disruption to normal business activities.