Date post: | 14-Jan-2017 |
Category: |
Technology |
Upload: | martin-thompson |
View: | 71 times |
Download: | 3 times |
Take Back Control of Your Microso4 Audit/SAM Engagement
About Us Trusted globally by some of the world’s most well-known
enterprise companies, is the leading provider of expertise and negotiation services around Enterprise software contracts. Combining an unparalleled knowledge of the DNA that make up software agreements with the ability to understand company’s individual requirements, is able to drive out significant costs and align agreements to business priorities NOT to those of software vendors and their programmatic objectives. Using technology, process and knowledge derived from the analysis and negotiation of more than a thousand contracts, we help put explanation around the unknowns that create compliance gaps and control spiraling costs associated with Enterprise software agreements.
Why are So+ware Audits/SAM Engagements Such a Big Deal?
• Many So4ware Companies are increasing the frequency with which they audit their customers. Even though some of these audits are hidden under the guise of a friendly So4ware Asset Management (SAM) engagement, an audit is an audit no maFer what you call it.
• The number of audits is increasing dramaHcally because the SAM process has demonstrated a huge return on investment in terms of increased revenue for the So4ware Company
What's the risk?
• The amount of data required for an audit—in order to determine what licenses you own, what products you have deployed; and how many licenses you actually require—can be overwhelming. Companies that are facing an audit can o4en be frozen by the complexiHes and sheer volume of data presented.
• So4ware Companies are becoming experts at this audit game. They train their audit partners to be very conservaHve in how they view the data and to present the facts in their favor.
How Did I Get Nominated for an Audit?
• What triggers an Audit? • What does receiving a Audit/So4ware Asset Management LeFer mean?
• What are my rights?
High Level Guidance
• GET AN NDA IN PLACE! • Don’t go dark on the auditor/engagement manager • Data is the key – get and know your facts
• Do not share data (if possible) unHl you truly understand it yourself • Prepare your stories to explain the data
• Do not allow them to make assumpHons based on not understanding your data
• NegoHate with the auditors prior to informaHon being handed off to Microso4.
Step 1 – The Challenges you will face
• Issue #1 – What tool will be used to collect inventory data • NegoHate to use your tool instead of the auditor’s tool. If you are pushed back on this request, tell them you’d like to provide the data out of your tool and then have the auditor validate or sample the data against data points that come out of your tools, rather than use the auditor’s tool to perform the whole audit.
• Issue #2 – There is no clear defini;on of the license metric • The key is that the auditor is looking for reasonableness that the device exists on the network and requires a license. What they are not doing is reviewing your unique scenarios to see if that reasonableness holds true in your organizaHon. That’s why it’s so important that the SOW reflect what is being used to calculate licenses required based on your business, not on the auditor’s reasonableness assumpHons.
Step 1 – The challenges you will face
• Issue #3 – User Accounts are Determined out of Your Directory • For certain products, license counts can be based on the number of users that are accessing the technology. The problem with this approach is that directories are rarely kept 100% accurate by companies (for many reasons) and o4en show more users than are actually present.
• Issue #4 – Your tool does not provide the edi;ons of some products such as SQL Servers. • The auditors will make an argument that they cannot use your tools because they do not report product ediHons (e.g. whether or not a SQL Server is a Standard or Enterprise EdiHon). Microso4 and their auditors will use this point to use their own tools and/or the Microso4 Assessment and Planning Toolkit (MAP) to perform the audit. Your goal is to convince the auditor to use your tool.
Step 1 – The Challenges you will face
• Issue #5 – Virtualiza;on Rules are hard to monitor and determine. • The auditors will provide their summaries within the ELP, but they do not provide any detailed documentaHon of their findings. This means you are le4 to determine how they have interrupted your deployment data (an overwhelming task) to validate its accuracy. Experience tells us that the auditors will most likely take a very conservaHve approach to this.
• Issue #6 – The SoNware Company will not provide a truly accurate record of what licenses you own.
Dealing with the ELP
• The auditors will provide their summaries within the ELP, but they do not provide any detailed documentaHon of their findings. This means you are le4 to determine how they have interpreted your deployment data.
• The auditor will take a VERY conservaHve approach
• Many clients know that the ELP is wrong, will tell the auditors this, but are unable to get them to change the ELP to reflect reality.
What to Focus on in the ELP
• Ensure development and test servers need licenses • Watch for duplicate machines/users within the data set • Have virtualizaHon rules been opHmally applied?
• It’s important to note that different versions of a product will have different virtualizaHon rights associated with a license enHtlement (for example, SQL Server 2008R2, 2008, 2005 and 2000 all have different virtualizaHon rules)
• User vs. Device Licenses • Non licensable enHHes included in the counts
The NegoNaNon Playbook
• Have a negoHaHons plan and know what to expect • You need to know the numbers beFer then they do or they will win
• AnHcipate their reacHons to your data and know your escalaHon paths • Do not be afraid to escalate when and where it makes sense • This is business its not personal
• Don’t let them play us versus them game • SAM Teams vs Account Team • Finger poinHng back and forth to avoid giving you a concession
The NegoNaNon Playbook
• Tips for NegoHaHng a SeFlement: • Stay calm. Know that you followed the steps outlined in this white paper so you are prepared and have all the informaHon that you require. • Do not be pressured into Hmelines. Your goal is to have a fair and adequate ELP created that reflects your actual use and license requirements. Do not be forced into a seFlement that is not accurate due to monthly sales pressures or tacHcs
The NegoNaNon Playbook
• Be prepared. Be ready to research the licensing terms and other claims the vendor makes to provide backup documentaHon of your claims. • Leverage. Be willing to leverage senior execuHves within your company. A well-‐Hmed call to the right person at the vendor can be very effecHve to unblock a stalemate in the process. • Stay focused. Your goal is to purchase only what you need.
Case Study
• Financial Services OrganizaHon with around 8000 devices.
• Selected randomly for an audit.
• IniHal assumpHon from the auditor (an accounHng firm) was $129M gap.
The Scenario
Assumed everyone needed Office, project etc based on server deployments. • AssumpHon was that end points needed to be licensed as they were accessing Office bits on a server. • Need to have access restricHons and user account properly licensed to access those bits. • Log review was uHlized to show who was really accessing the servers.
Incorrect assumpNons made by auditor
Mistakenly included non idenHfied Non ProducHon/UAT/Dev Test environments as producHon. • Anyone who accessed development environments or have their tested with bit was assumed to be a developer who required a development license (MSDN). • Clearly idenHfy developers, subscripHon levels and development environments.
Incorrect assumpNons made by auditor
Counted PCs which were in transit to be replaced. • This triggers qualified devices clauses within the Microso4 contract. • It is important to document the % you are refreshing on an annual basis and be prepared to back it up with facts/numbers.
Incorrect assumpNons made by auditor
Counted SQL Server Express as STD or ENT EdiHon • Legacy 2005/2008 versions o4en show up in tools as STD or ENT EdiHon and they will assign cores to them. • Be aware of this glitch.
Incorrect assumpNons made by auditor
SePled for $700K in compliance. Started at $129M
Outcome