Tideway Software Identification

Tideway Systems Inc., 2008 Page 1 of 16

Software Identification Reports and Outputs

Version No 1.0


1. Contents 1. Contents ............................................................................................................................ 2

2. Preface............................................................................................................................... 3

2.1. Purpose........................................................................................................................... 3

2.2. Document History ........................................................................................................... 3

3. Software Licensing Considerations ............................................................................... 4

4. How does Tideway Foundation help? ............................................................................ 5

4.1. Tideway Knowledge Update (TKU) ................................................................................ 5

5. Example Output ................................................................................................................ 7

5.1. Software identification..................................................................................................... 7

5.2. Management Dashboard ................................................................................................ 8

5.2.1. Breakdown by Product Category............................................................................. 9

5.2.2. Software Products by Vendor................................................................................ 10

5.2.3. Breakdown by Database Technology.................................................................... 11

5.3. Oracle Examples........................................................................................................... 12

5.4. Provenance................................................................................................................... 14

5.4.1. Example 1: Oracle Version.................................................................................... 14

5.4.2. Example 2: MS SQL Editions ................................................................................ 15


2. Preface

2.1. Purpose

This document describes the outputs from tideway Foundation which are typically used in

Software License Asset Management (SLAM) activities. All standard reports within Foundation

export as CSV by default. Additionally, a set of generic export adapters and data mapping sets

allow the export of any data to CSV and RDBMS.

2.2. Document History

Date Version Details

12th Jan 2009 0.1 Initial Draft

12th Jan 2009 1.0 Final Draft. M.Wallenstein


3. Software Licensing Considerations Software licensing is becoming an increasingly complex and expensive area for all businesses.

In the current economic climate software vendors are auditing their customers in order to bolster

their revenues.

Most companies do not have an accurate understanding of what is deployed leading to several

issues:

• Risk of under licensing

o Risk of litigation when the software vendor exercises its right to audit at any

given time

• Over licensing

o Paying for more than you’re using

• Unauthorised software deployed into the environment, which can introduce risk to the

business applications it is supporting

• Software deployed on redundant servers – paying for what you are not using

The difficulty of software licensing is exasperated by increasingly complex licensing models.

Forrester research shows that 58% of infrastructure software licensing is based on Hardware

specification; i.e. Per CPU, per server, per core. So now you must now how much software is

deployed and be able to relate it back to the infrastructure it is running on.

Current licence management tools have great difficulty resolving these issues and are normally

vendor specific solutions. This is due to the following reasons:

• There is no standard for software deployment

o Installed via OS package manager

o Compiled by hand on the target server

o Binaries copied by hand to set of servers

o Distributed by software deployment mechanism

o Shared file systems

• No standard for software versioning

o Registry keys

o Binary fingerprinting

o Path to binary

o Configuration file


4. How does Tideway Foundation help? Through regular agent less discovery of the IT estate, Tideway Foundation is able to keep track

of what software is deployed and being used. Tideway’s Reasoning Engine and Pattern

language allow flexibility and sophistication in the techniques used to identify and version

software. Tideway’s unique Provenance allows full traceability of the source of the data; vital for

proving the data is correct.

4.1. Tideway Knowledge Update (TKU)

TKU content comprises patterns that easily detect simple or complex software and business

applications distributed across platforms. The service currently boasts over 3000 patterns that

identify software processes and sub-processes, providing an unmatched level of granularity to

ensure maximum completeness. TKU covers multiple product types, including:

• End-user applications (SAP, Documentum, Fidessa, Murex) and enterprise portals

(BEA, Vignette)

• Middleware and databases (Oracle, Sybase, DB2, Weblogic, Websphere, MQ Series,

Rendezvous)

• Infrastructure, cluster and availability software (Veritas Cluster Server, HP

ServiceGuard)

• Virtualization platforms (VMWare, Sun Solaris Containers).

TKU’s monthly updates rapidly track vendor product releases and evolving customer

requirements. The service also maintains patterns based on contributions from publishers and

product experts in customer organizations and covers a broad range of deployment patterns

that normally elude accurate identification by other software recognition techniques.

TKU identifies configuration issues, software with known vulnerabilities and costly software that

has reached end-of-life, and is designed to meet four key criteria for data quality:

• Coverage – the cross-platform service covers all of the leading products that underpin

business applications as identified by industry analyst groups.

• Completeness – TKU employs multiple techniques to capture deep version information,

configuration data, and license details, identifying instances of products and mapping

them to the supporting infrastructure.

• Accuracy – With Tideway’s unique data provenance, users have a definitive chain of

evidence on the origin of each configuration item (CI) and attribute.


• Currency – Monthly TKU releases ensure that the latest vendor products and upgrades

are identified and customer requirements are met in a timely fashion.

Many environments have bespoke in-house developed software, or heavily customised off the

shelf software. The ability for customers and Tideway Professional Services to create patterns

that identify their unique software is a key benefit.


5. Example Output Foundation supplies various ways to report and consume the discovered data. These include:

• Management Dashboards

o Graphs and pie charts

o Tabular reports

• Out of the box reports for software vendors and products

• Custom report capability

• Export Capability to CSV and RDMS

5.1. Software identification

Foundation identifies:

• Software that is installed by the standard package manager for a platform: ‘Packages’

• Software that is seen running and triggers Tideway patterns: ‘Software Instances’

• Logical groupings of deployed software that provide Business Services: ‘Business

Applications’ (these are normally unique to an environment and built through a modelling process)

A complete list of deployed software packages can easily be reported, filtered and exported:


Drill through to a package to see where it is deployed:

5.2. Management Dashboard

The Licence Optimization dashboard provides instant visibility of software vendors, products

and versions deployed in the estate. This is software that is identified using patterns.


5.2.1. Breakdown by Product Category

This breakdown allows the user to identify large installations of software by category.

From here the user can drill through to tabular reports; such as “Application Deployment

Software”:

This view lists all software instances and versions, which can subsequently be exported to CSV.


5.2.2. Software Products by Vendor

The user can now drill through to the detail of software deployed by vendor. If I am currently

being audited by Microsoft I can quickly drill through to all Microsoft products:

Additionally the tabular report can be filtered by product:


5.2.3. Breakdown by Database Technology

This report specifically looks at deployed database technology and versions.

The coloured bars within a database technology represent different deployed versions of the

software. The user can hover the mouse pointer over the bars to reveal information regarding

version and count of the instances.

Specific graphs are available for each technology; for example Oracle:


5.3. Oracle Examples

In the previous section we saw a breakdown by Oracle Database Server versions. This product

is usually licensed by CPU or Core, or by users configured.

For cores Foundation can help identify:

• Total number of cores available to the system

o either the total cores in the physical host (including soft partitions like regular

Solaris zones)

o or the hard-limited total cores available to the container (for recognised hard

containers only)

• With customisation to Tideway patterns the discount factor for multi-core systems can

also be included in reports

o 0.75 for dual core CPUs

o 0.5 for quad core or higher CPUs

Version 7.2 of Tideway Foundation allows dynamic querying of RDMS. This allows any data in

table space to be extracted from databases and included in the discovery results. This data

could include users configured, products and add-ons installed.

Two reports are generally used for Oracle Database Server license reporting:

Oracle Host Report

This report shows a list of the servers running Oracle with the following details on each row:

• Host: the name of the host

• Usage: a user-imported field with usage information (e.g. PROD, DEV, TEST)

• Oracle Instance Count: the number of SIDs in this OSI

• Processor Count: the number of CPUs available to the OSI

• Processor Type: the type of CPUs in the system, used to verify the next value

• Cores Per Processor: the number of cores in each CPU

• Core Count: the number of cores in total available to the OSI

• Oracle License Factor: the discount factor, either 1.0, 0.75 or 0.5, populated by pattern

• Oracle License Requirement: the core count multiplied by the license factor


And:

Oracle Instance Report

• Instance: the SID of the Oracle instance

• Product Version: the Oracle version being used

• Host: the host name of the OSI on which this instance was found running

• Usage: a user-imported field with usage information (e.g. PROD, DEV, TEST)

• Processor Count: the number of CPUs available to the OS

• Processor Type: the type of CPUs in the system, used to verify the next value

• Cores Per Processor: the number of cores in each CPU

• Core Count: the number of cores in total available to the OSI

Example Outputs:


5.4. Provenance

Foundation identifies and versions running software. In auditing scenarios it is also important to

be able to demonstrate why the data you are using is accurate and up to date. The provenance

feature provides full traceability of all of the data captured by Foundation.

We will look at two examples; software versions and software editions.

5.4.1. Example 1: Oracle Version

Here is an Oracle Database Server instance, identified by its SID:

We can see that the full version is 9.2.0.1. We can trace the source of this data by clicking the

Provenance button; we can see that the data was captured through a discovery method:

“DiscoveredCommandResult”.


Clicking through the link reveals the source of the data:

Here we can see the command that was executed on the target Host to retrieve the version.

Additionally we have a link to the Discovery Access which gives us the timestamp when this

data was captured.

5.4.2. Example 2: MS SQL Editions

Here is a MS SQL instance that has been discovered:

As well as the full version we have also captured the Edition of this software. We can trace the

source of this data by clicking the Provenance button; we can see that the data was captured

through a discovery method: “DiscoveredRegistryValue”


Clicking through the link reveals the source of the data:

Here we can see the Registry key that was queried on the target Host to retrieve the Edition.

Additionally we have a link to the Discovery Access which gives us the timestamp when this

data was captured.

Documents

Tideway Software Identification