Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
‘Practical implementation of Software Asset Management (SAM)’
Agenda
• An understanding of the principles of
SAM
• How does SAM fit into Service
Management
• Assessing the starting point in your
company.
• How to move forward
License Management
The ability to manage licenses and to ensure that each product is compliant with
vendor licensing terms and conditions.
– Installed software
– Deployment type (Citrix, virtual, roaming profile)
– Client access / user licences
– Computing platform configurations
– Metering
– Contractual / but no cost (i.e. freeware)
Example – How Many Licences needed
• Visio is licenced per seat
• 1000 PCs in total
• 500 of the PCs have terminal services client installed
• 3 approved Visio users (via terminal services)
• Only one user has actually used Visio
Answers
1 = 1 licence
2 = 3 licences
3 = 500 licences
4= 1000 licences
Release
Deploy
In-use
Problem
Incident
Retire
Request
Approve
Procure
Goods in
Pay
Asset Lifecycle
Relationship and Contract
BA
Asset record verification
License Compliance
CMDBSW Asset Control
(Libraries)SW Asset Inventory
RequestApproveProcureGoods in
Pay
Cha
nge
Release
Deploy
In UseIncidentProblem
Retire
SW SW
License Management
A = Recognition tables B = Upgrade /downgrade
Asset tracking – hardware
Relationship and Contract
Asset record verification
CMDBSW Asset Control
(Libraries)SW Asset Inventory
RequestApproveProcureGoods in
Pay
Ch
ange
Release
Deploy
In UseIncidentProblem
Retire
SW SWHWHW
De
velo
pm
en
t
SAM is the effective management, control and protection of software assets within an organisation and the effective management, control and protection of information about related assets which are needed in order to manage software assets.
It is not just License management!
You may be forced to do SAM for :
• Risk management
• Brand image (Vendor audits )
• Penalties / fines
• Cost savings and avoidance
• Efficient contracts /
• Efficient software use (re-harvesting)
• Use of outsource partners
• Gaps in process and control have been made visible
• Internal / external audits, excess costs
• Loss of data or assets
So what is SAM?
Lifecycle Core SAM processes Organisational processes
Planning and
Implementation
Lifecycle process interfaces
Acq
uisi
tion
Deve
lop
ment
Release
Deploy
In-use
Problem
Incident
Retire
Cha
nge
Operations management
Inventory management
Verification and compliance
Relationship and contract
Service level
Security Financial
Asset record verification
License compliance
Compliance verification
Conformance verification
Asset Identification
SW asset inventorySW asset control
(libraries)
Planning
Implementation
Monitor and Review
Continual improvement
Control environment
Corporate Governance
Roles and responsibilities
Competence
Processes and policies
HWHW SWSW
SAM – ISO/IEC19770-1:2006
Lifecycle process interfaces
Acknowledgement ISO/IEC and ITIL
Acq
uisition
Deve
lopm
ent
Release
Deploy
In-use
Problem
Incident
Retire
Cha
nge
Operations management
Inventory management
Verification and compliance
Relationship and contract
Service level
Security financial
Asset record verification
License compliance
Compliance verification
Conformance verification
Asset Identification
SW asset inventory
SW asset control(libraries)
Control environment
Corporate Governance
Roles and responsibilities
Competence
Processes and policies
Reque
st f
ulfilm
ent
Release and deployment
Incident
Problem
Supplier management
Service level
Information security Financial
Service asset and configuration management (SACM)
CMS
SAM plan
Implementation
Monitor and Review
Continual improvement
Service Strategy Service Design
Service Transition
Continual service improvement
SAM and ITIL Processes
Cha
nge
Why not combine SAM processes within our ITIL service management processes?
• Avoids duplication of workload
• Reduces duplication of data
• Change processes can be streamlined
SAM and Service Management
Service Design
• Service Catalogue Management
• Information Security Management
Example
• The Solution
• The initiation of the project
• Selection of suppliers
• Procurement costs
Service Transition
• Change Management
• Service Asset and Configuration Mgt.
• Release and Deployment
• Knowledge Management
Example
• Vendor agreements
• The end of the project
Continual Service Improvement
• On going improvement
Service Strategy
• Service Strategy
Example
• Cloud
• Sourcing
• Outsourcing
• Virtual Applications.
Service Operation
• Request Fulfilment
Example
• Asset lifecycle
• Procurements
12
ITIL V3 Lifecycle and SAM
Acquisition
Request
Purchasing
Agreement
to purchase
Non- Standard
Deployed Software
Manual process
License Position (Compliance)
Under
Licensed
Contract
management
Approval
Deployment
Goods in
payment
HWSW
DSL
• No stock check
• Approvals go straight to purchasing
• SAM manager makes all decisions
• Strategy is not considered
• Media gets lost
• Deployment process not integrated
• Wrong packages used for deployment
• Imbedded software not authorised
• Manual compliance process
• All SW uses the same process
• poor software payment authorisation
• DSL (DML) likely to be uncontrolled
HWSW
Procurement data
SWHW
No links with service
management
Typical Inefficient SAM Processes
Request Fulfilment
Procurement
catalogue
Non- Standard
Service Strategy
and Design
Deployed assets
CMS
Knowledge management -automated
Usage
Over/
under
Contract
management
Contract
Purchasing
Approvals
Deployment
Goods in
Payment
HWSW
DSL
License Position (Compliance)
Procurement data
Automated and
integrated
HWSW SWHW
Service
introduction
• Service mgmt integration
• Process tailored to software
• Controlled approvals
• Stock check
• Responsibilities organised
• Deployment via AD group
• Links to packages
• Imbedded SW licensed
• Compliance based on SKU
• Controlled payments
• Usage management
Stock check
Request
Usage
SAM Within Service Management
Few understand SAM, the changes involved and resources required, so risk of failure is high.
- Identify available data, accuracy and gaps
- Highlight process gaps which impact beyond SAM
- Identify benefits / links to operational activities
Using a maturity model to communicate the current position and issues is good practice
The First Step - Assessment
Basic1
Standardized2
Rationalised3
Dynamic4
ITIL Integrated5
Assets are basically
uncontrolled
Assets are controlled
with manual
processes
Assets are actively
controlled but not
fully centralised
Asset management
fully automated and
centralised
Asset management
integrated with ITIL
No policies
No SAM owners or
accountability
No electronic records
available
No technology
Limited policies
Senior execs informal
Some electronic
records
Low coverage and
inaccurate technology
Published policies
Senior exec responsive
Various electronic
formats
Partial centralised
technology
Enforced policies
Senior exec highly
involved
Single electronic
format
Technology has full
coverage and is
trusted
Integrated policies
Senior exec
accountable
SAM integrated with
Config. MGMT
Technology fully
integrated
Source: Microsoft
Maturity Model (SOM) - KPIs
Example maturity results
0
1
2
3
4
5Organization
SAM Plan
Inventory
Inventory %
Licenses
Compliance
Operations
Acquisition
Deployment
Retirement
0
1
2
3
4
5Organization
SAM Plan
Inventory
Inventory %
Licenses
Compliance
Operations
Acquisition
Deployment
Retirement
0
1
2
3
4
5Organization
SAM Plan
Inventory
Inventory %
Licenses
Compliance
Operations
Acquisition
Deployment
Retirement
0
1
2
3
4
5Organization
SAM Plan
Inventory
Inventory %
Licenses
Compliance
Operations
Acquisition
Deployment
Retirement
HW Outsourced Small company
Small companyBlue chip
Typical company - SAM journey
SAM initiatives
• Centralised procurement
• Processes improved
• Variety of records
• Compliance mitigation
Potential Under Licensing (RISK)
40% 10%20% 5%
SAM plan
• Centralised data
• Documented processes
• Defined roles
• Discovery technology
Measured SAM plan
• KPIs, SLAs
• User satisfaction
• Process efficiency
• SAM technology
Department Corporate Operational
2016 20172015 2018 2019
1
Basic
Uncontrolled
2
Standardised
Manual
3
Rationalised
Not centralised
4
Dynamic
Automated
Centralised
5
Integrated
Shared processes
with ITIL V3
?%
Integration
• People
• Processes
• ITSM /SAM technology
Expense Valued service
SAM Side Effects
• Know where every computing device is
• Understand its hardware / software configuration
• Can reduce the cost and time of changes
– Provisioning, transformation, projects
• Re-use hardware and software assets
• Raise commercial awareness within IT teams
• Easier negotiations with vendors and auditors
Moving Forward
SAM relies on information management
• Hardware assets and build
• Software installed
• Deployment methods
• Licences and commercial contracts
• Roles and responsibilities
• Work flow processes
Plus you have other factors!
Culture, legacy, organisational barriers
Collecting Information
Typical lifecycle with
inconsistent records and
poor workflow
Improved lifecycle using service management (and
workflow) with consistent record collection
discovery
Reports
Request
approval
procure
Deploy
In use
repair
Old stock
retire
Goods in
New Stock
Lifecycle
Act. Dir.
logs
?
Co
mp
lia
nce
User CI
Request
approval
procure
Deploy
In use
repair
Old stock
retire
Goods in
Ticket
Change
manage
ment
request
fulfillmentNew Stock
Change
manage
ment
Incident
manage
ment
Update with application
Asset CIStart asset CI
Add ser. No.
Status = stock
Status = deployed
Status = retired
Status = defective
Status = in progress
Status = old stock
Lifecycle Service
ManagementLibraries
discovery
Verification
Co
mplia
nce
Reports
Compliance
reportscatalogue
Deve
lop
ment
Release
Deploy
In-use
Problem
Incident
Retire
Cha
nge
Asset record verification
License compliance
Asset Identification
SW asset inventorySW asset control
(libraries)
Acknowledgement ISO/IEC
SW SWHW HW
CMS
Contracts
DSL
Request (self
service)
Approve
Procure
Goods in
Pay
Which processes or technology are you missing?Item Status
Software catalogue ?
Self service
Procurement Y
Hardware estate ?
Contracts Y
Licence data ?
DSL N
Discovery data N
Incident/problem
Change/configuration Y
Release
Verification N
Compliance recognition ?
Compliance - up/down
grades
Workflow
Deployment methods ?
Processes and Technology Map
Acknowledgement ISO/IEC
What does a particular toolset do?
License compliance
In-use
Deve
lop
ment
Release
Deploy
Retire
Cha
nge
Asset record verification
Asset Identification
SW asset inventorySW asset control
(libraries)
SW SWHW
CMS
Contracts
DSL
Request (self
service)
Approve
Procure
Goods in
Pay
Incident
Problem
HW
Recognition
on
Upgrade/downgrade
Processes and Technology Map
Small companies
• Single decision point
• Out of the box integrated technology
Larger companies
• Project based decisions
• Siloed teams with individual best of breed
technologies and toolsets
• Use of partners / outsourcers
Small or Large Companies
To Summarise
• SAM is continuous, not a one off
• Implementing SAM gives many benefits to projects and operations processes
• Management support is vital
• Communicate the assessment to all
• Give feedback on quick wins
• Measure progress and communicate success
• Avoid the embarrassment of corporate action