may 2012 software lifecycle management Bringing a comprehensive approach to software assets

800.808.4239 | CDWG.com/softwareguide

CDW•G REFERENCE GUIDE

A guide to the latest technology for people who get IT software lifecycle management reference guide | may 2012

what’s inside: 800.808.4239 | CDWG.com/softwareguide

Chapter 1: Managing Software Resources...... 3 • A Comprehensive Management Process the software asset • Multiple Risks management cycle • Licensing Scenarios • Licensing Considerations 9 Chapter 2: Software Asset Management...... 6 • The Benefits of SAM • License Compliance • Audits

Chapter 3: The Software Asset Management Cycle...... 9 • Acquisition Policy • The SAM Cycle

Chapter 4: Licensing Management...... 20 • Reducing Unnecessary Software Spending • Preparing for an Audit • Improving Software Management • Using the Right License • Vendor Assistance

Chapter 5: Software Solutions...... 23 • Infrastructure Optimization • Security • Unified Communications • Continuity of Operations

Chapter 6: Software as a Service...... 29 • What Is SaaS? • SAM and SaaS • Maintaining a Hybrid Environment • Preparing for SaaS Visit CDWG.com/sam for more information on software asset management. Glossary...... 33

Index...... 35 SCAN IT CDW•G Solves Data Loss Prevention Problems Download a QR code reader on your mobile device to scan and see how CDW•G can help solve data loss prevention problems for your organization.

What is a CDW•G Reference Guide? At CDW•G, we’re committed to getting you everything you need to make the right purchasing decisions — from products and services to information about the latest technology. Our Reference Guides are designed to provide you with an in-depth look at topics that relate directly to the IT challenges you face. Consider them an extension of your account manager’s knowledge and expertise. We hope you find this guide to be a useful resource. chapter 1

A Comprehensive Management Process Multiple Risks Licensing Scenarios Licensing Considerations

Managing Software Resources Saving money, boosting productivity and reducing management headaches

The world runs on software. As the overlook simple but crucial steps that primary enabler of communications, can save money, boost staff productivity record keeping, operations continuity and avoid legal or vendor-relations and interaction for both private- and problems related to software licenses. public-sector organizations, it’s no If organizations do inventory their wonder that the design, development, software assets, it’s typically done in acquisition and maintenance of software conjunction with an upgrade, such as amounts to a $1 trillion industry. migrating to a new operating system or And that industry is growing. Software obtaining new hardware on a mass scale, comprises a major cost center for or when compelled by an urgent situation, businesses, government agencies, such as a merger or cost-cutting initiative. nonprofits and educational institutions. A comprehensive, focused approach to It typically accounts for 20 percent or managing software resources lets an IT more of IT spending by the enterprise. team avoid these last-minute inventories. Look at it this way: The purpose of all In fact, an organization that manages its processing, storage and networking software using best practices will, at any hardware (and the IT staff investments given time, know its requirements, have to install and maintain it) is ultimately to an up-to-date and comprehensive picture make sure that software runs properly. of the software it has, and possess the It then comes as a surprise how many tools needed to manage its assets. organizations still lack a comprehensive approach to managing their software A Comprehensive and the money they spend on it. Management Process Organizations spend time and money Software management has tracking every hardware asset from technical components, but at its mainframe computers to smartphones. heart it’s a process and organizational But when it comes to software, they often approach, more than a specific tool.

3 chapter 1

A comprehensive approach individual purchases as needs arise, and that can be more to software management expensive — and harder to track in terms of updates and produces numerous benefits, patch control — than a centrally managed license bundle. including the following. That’s a key point. Software vendors often emphasize the Discovery: The IT staff knows legal, reputational and financial risks of underprovisioning, with certainty what is installed but may not mention the risks associated with overusing. on servers and endpoint devices Compliance can also save money by revealing unused throughout the organization. This lets licenses available for provisioning new users. the IT staff do a number of things. Software is easy to buy but much harder to keep For instance, staff can compare track of. A software asset management plan should quantities of copies of sanctioned therefore integrate software procurement with software applications in use with the quantity resource management processes and tools. permitted by the licensing agreement. But before the IT shop applies tools for software Or they can determine if device images asset management, the enterprise must establish goals match the organization’s master image. and policies to ensure that those goals are met. This also allows for discovering if any Software asset management becomes an easier users have downloaded or otherwise proposition for the IT department if the entire organization installed rogue applications such as file- is aware of software policies. For instance, users must sharing software or other security risks. understand the damage that can be caused by downloading Security and uniformity: The IT team rogue software, or how duplicating a licensed application knows if all devices are running not can throw the organization out of compliance. only licensed software but also the proper versions, with the most up-to- License Scenarios date patches and upgrades. This can “Buying” software isn’t quite the same as purchasing help cut support costs and boost the other products or services, such as hardware or tech organization’s cybersecurity profile. support. Software manufacturers sell the right to use what Compliance and risk mitigation: is in essence their intellectual property. The product itself The CIO will be in a position to provide has no corporeal existence beyond the magnetic or optical auditable proof that the organization medium that houses it. So, similar to music, software is easily is meeting its contractual obligations reproduced and in fact is the object of widespread piracy. to software vendors. According to That’s why software vendors, while offering a variety of the Business Software Alliance, which acquisition plans, tend to use mechanisms to make sure their conducts software licensing audits, customers stay in compliance with license agreements. the risks far exceed the $150,000 Individuals purchasing software are often given the right to fine per instance of unlicensed deploy it on two machines or processors simultaneously, but software allowed under federal typically may use of only one copy at a time. On a larger scale, copyright infringement laws. this principle also applies to enterprise software. It’s important to understand the types of licenses a vendor offers. Different Multiple Risks types apply more efficiently in different user situations. When an organization doesn’t have Per-seat license: This type of license assigns to specific, a handle on its software assets, it’s named individuals access or rights to an application. Typically, taking on risk in two capacities. It some mechanism in the enterprise directory administers might be buying too little and buying the access. too much. For example, often an IT So, if an accounting staff has access to the enterprise department possesses more licenses accounting system under a 25-seat license, members of that for a given software application than it staff alone may use the software. Even on a weekend when uses. Perhaps a reduction in staff has most of the licenses are idle, someone from the controller’s occurred. Why should an organization office cannot log on and gain access to the bookkeeping. pay for licenses it doesn’t need? Concurrent-user license: These licenses allow a specific On the other hand, lack of a number of individuals, regardless of identity, to use an central repository can result in application simultaneously. If all of the licenses happen to

4 CDWG.com/softwareguide | 800.808.4239 be in use at a given moment, no one partitioning) first became popular, else in the organization can use the conflicts arose over licenses because software until someone else logs out. multiple instances of licensed copies Volume license agreement: This type ran simultaneously. But the industry of license gives discounts for as few as has since settled down. Now software five licenses. For larger organizations, vendors offer ways for clients to operate discounted prices often leave out media in virtualized environments without CDW•G and documentation. Beyond that, incurring exploding license fees. software manufacturers typically offer a All of these considerations add up Software wide variety of volume licensing options. to the need for an organizationwide Lifecycle For example, Microsoft has several approach to planning, acquiring and plans for large organizations. Customers monitoring software resources. IT Management can purchase enterprise agreements, groups that have comprehensive CDW•G approaches software which include both onsite and cloud- information on their inventories management as a lifecycle. We help hosted licenses. Enterprise subscription and on the contracts under which manage the complexities of software agreements may require a lower initial they are acquired will see notable and maximize return on investment. As a outlay, but the customer doesn’t gain benefits such as the following: trusted advisor throughout the lifecycle perpetual use rights. Each of these • Improved vendor relations: of an organization’s agreements, we programs is available in different These improvements will be offer a variety of resources to consult arrangements for governmental, based on trust stemming from and manage your software solutions. nonprofit and educational organizations. the ability to prove compliance with licensing arrangements. Our lifecycle approach includes Licensing Considerations • Operational agility: This the following: Organizations should take the benefit stems from being • Technology validation: This includes time to plan exactly which end-user able to quickly provision new briefings and strategy sessions to license agreement (EULA) works best users and accommodate ensure the right technology meets for them, understanding that this will employees’ changing roles. operational requirements. vary by application. Organizationwide • Financial efficiency: This gain is utilities are probably best purchased derived from getting the most out • Licensing purchase assistance: This under a concurrent-user setup. For of every software dollar. It’s easy includes evaluating total spend, assets, specific professional functions, it might to overbuy software and spend too usage and purchase history; proposing be best to go with a per-seat license, much on unused licenses or have total cost of ownership (TCO) and ROI assigned to specific individuals. suboptimal license agreements. friendly contracts; optimizing through Most software vendors do not Underbuying can, ironically, also be vendor and contract consolidation. allow swapping users in and out of expensive when an organization • Contract management: This includes access permission if the total number buys single or low-volume licenses ensuring contract compliance for of users will exceed the terms of the ad hoc because of poor planning. true ups and renewals and providing license, even though no more than the That drives up the price per seat.  updates on products, licensing maximum number of licenses might and technology roadmaps. be used at a given time. That is, an organization can’t buy a 50-user, per- • Deployment: This includes providing seat license and give 74 people access. solutions budgets, ensuring the Also, the IT staff should check to see realization of purchase value whether a volume license agreement through deployment, and utilizing allows installation on computers packaged design, planning and not belonging to the organization, pilots for rapid deployment. such as a contractor’s device. Virtualization has brought a new wrinkle to the issue of managing software. When virtualization (which to software vendors looks like server

5 chapter 2

The Benefits of SAM License Compliance Audits

Software Asset Management

Planning and implementing strategies for software

IT leaders looking to better manage The first goal should be obtaining an software resources must consider accurate and complete knowledge software in the right context. It’s base of all the organization’s software hard to imagine that there was a time resources. That should include both when computer manufacturers gave software in active use and software away their software to help sell their that, for a variety of reasons, the hardware. But today, when you think of organization owns but doesn’t use. an organization’s software expenses and That unused software is more couple that with software’s importance important than it may seem because in in day-to-day operations, it becomes finding it, the enterprise is discovering clear that this productivity resource is a assets that cost real dollars but accrue mission-critical, strategic investment. no benefit. In fact, organizations may This is where software asset experience a valuable by-product of management comes in. SAM is a software discovery: It often uncovers combination of several things: a way unused or underused hardware of thinking, a strategy, a process that amounts to latent assets and a set of implementation tools. available for disposal or recycling. This chapter addresses the first If discovery is the first goal, the two, thinking and strategy. second goal should enumerate the SAM is often touted as a way to manage benefits that the organization expects software licenses so that an organization from its SAM strategy. These benefits remains in compliance with often affect the entire organization, not complex licensing arrangements. This is merely the IT department. IT staff true — but SAM is much more than that. should spell out these benefits to A comprehensive software asset other departments, because a SAM management plan starts with thinking deployment is going to involve more about the goals for the SAM deployment. than just the IT department.

6 CDWG.com/softwareguide | 800.808.4239

The Benefits of SAM Would a full enterprise license be more economical Software asset management can than expanding an existing multiuser plan? Is a server- save direct software outlays. That is, it based, concurrent-user license the way to go? Does can reduce, or at least slow, the growth one department have unused licenses that could be in the software budget. It does this in a transferred to make up for a shortfall? Is it time to move number of ways including the following. to software as a service (SaaS), using a cloud provider? Rightsizing licenses: Multiple instances Having knowledge of what versions of applications of multiseat or multiconcurrent users are where allows the IT department to automate can cost more than a consolidated, routines such as installing patches and rolling out enterprise license when calculated upgrades. This frees up IT staff for higher-level activities on a per-user basis. SAM reveals this such as strategic planning and implementation. enterprise view of software and the Knowledge of software assets also benefits users by license terms under which it was acquired. ensuring more timely upgrades and the added functionality By the same token, a divestiture they bring. or outsourcing of some functions may leave an organization with an License Compliance oversized license arrangement for some As global competition has grown increasingly intense, applications. That presents another protection of intellectual property and prevention of opportunity for savings via rightsizing. piracy have become hot topics. Software vendors have Stopping needless purchases: Often, become more vigilant in enforcing licensing agreements. a department will purchase a single- It should be simple: Buy software and use it how you please. user license for an application that the Unfortunately, software acquisition and use are anything IT department has under a multiseat or but simple at the enterprise level. Given that software enterprise license. By comparing available acquisition can be a quarter of an organization’s IT budget licenses with users, a SAM program can (when looking at direct costs), careful attention to software potentially discover unused licenses licensing can pay big financial and operational dividends. and avoid unnecessary expenditures. Rescuing unused assets: When the IT department decommissions hardware, especially end-user devices such as PCs Software License Basics and notebooks, related licenses may Reading through the legalese of a software license contract can be a dull also go out the door. That software can experience. Digging beneath the wording, a typical contract should cover the be uninstalled and kept for later use. following basics: Reducing indirect software costs: These include security and patching Number of concurrent licenses, and Length of usage, whether downloads, installing upgrades and the process (and price) for adding to limited or perpetual or subtracting from that number configuration management. SAM can Terms of transferring usage help harmonize versions across the Geographical limitations on or installations, such as from enterprise and thereby streamline usage, if any, where satellite one computer to another the software maintenance process. or foreign locations exist The knowledge leading to the Terms of acceptance regarding savings illustrated above also enables Whether usage is exclusive whether the software is more efficient operation of the IT to the organization; for suitable for the intended use example, with customized or department. Suppose an acquisition Upgrade and patching terms or personnel expansion will add more custom-coded software Terms of support; for example, users of a particular application than an Whether usage is transferable to  whether it is provided 24x7 or organization already has licenses for. A outside parties, such as contract only during business hours license analysis could present options in workers or business partners time for the organization to be ready.

7 chapter 2

Agreements are only the start of the about compliance. So a SAM program their lifecycles, or it could be something usage relationship, though. Software could actually lessen the frequency like an operating system upgrade. vendors reserve the right to conduct of audits and put the organization in Regardless, a change in enterprise license audits of their customers. a stronger negotiating position for software is a logical opportunity to An audit can be disruptive and time- future expansion as needs change. determine what license quantities an consuming. That’s bad enough. organization holds and what it needs. In But if an organization doesn’t have Audits effect, the IT shop uses the occurrence an accurate inventory of its software Organizations often start a structured of the upgrade to establish a baseline. If assets, it may unwittingly be committing software asset management plan the baseline is part of a SAM deployment, software piracy. Unauthorized copies, under threat of an audit by a software it will be continuously updated.  more users than permitted, even vendor. An audit certainly provides virtualization-related instances not good motivation to have a SAM backed up by licenses — these strategy in place. But SAM is best conditions can all result in expensive implemented in stages, each stage fines and a loss of negotiating added as the organization gains strength with the software vendor. maturity in using the SAM system. In a sense, deploying a software Still, an audit should trigger at least asset management program gives a first-stage implementation of SAM. the organization an ongoing license A good first step is for the enterprise self-audit. That means when a software to compare its software instances Best Practices vendor notifies an organization of with its license agreements. an impending audit, it won’t need This step, when done with a License to perform a frantic inventory standards-compliant SAM tool, Management and last-minute license check. provides trustworthy data that will (in More important, the organization effect) certify to the auditors that the in the Virtual will have confidence that its software organization is in compliance. Or it will let Data Center usage complies with its licensing the organization discover any unlicensed agreements. That lessens the chance software copies and correct them. Review some tips on how to simplify of a fine or related negative publicity. A major software upgrade affecting the complex process of managing And from the software supplier’s the enterprise can also trigger a SAM virtualized software licenses: perspective, a management program deployment. This could be a hardware CDWG.com/softwareguidebp identifies an organization that is serious replacement as PCs come to the end of

Standards for Software Control Two major sets of standards cover software asset management.

The International Organization for Standardization (ISO) and The second set of standards, included in the IT Infrastructure the International Electrotechnical Commission (IEC) created Library (ITIL), take a slightly different approach. ITIL a standard, 19770, for software asset management. As are places software under a superset of what it calls many standards, ISO/IEC 19770 is a work in progress. service assets. The term refers to any financial asset, including those that comprise the IT infrastructure. The ISO standard has three components, the third of which is still under development. 19770-1 lets organizations An effort called ISO/IEC 20000 seeks to harmonize establish a framework of best practices for SAM. the standards of the two groups. Understanding Basically, 19770-1 takes industry best practices and and tracking the standards and their ongoing attempts to work them into a kind of unified code. development is a discipline unto itself.

The second component, 19770-2, establishes data standards As a practical matter, IT managers should look for software for tagging software by SAM tools. The third data standard, asset management tools that incorporate the best practices as covering the entitlement elements in software licenses, defined by the standards bodies. They signal an organization’s is still under committee work. It will be titled 19770-3. seriousness of intent toward good software management.

8 chapter 3

Acquisition Policy The SAM Cycle

The Software Asset Management Cycle

Initiating a continuous management process

Maintaining control over software Acquisition Policy assets requires a continuous process A software acquisition policy can help manage software in order for software licenses even if the enterprise never embarks on a formal SAM and usage to stay in sync within a program. Such a policy should include the following elements. dynamic organization. People and Clear guidelines for who is authorized to acquire software: computers come and go, patches Best practices dictate that any strategic investment, and upgrades arrive, business and including software, should be handled in a centralized manner. operational requirements change. An exclusive list of allowed software: If it’s not on the list, Sound advice from the Business it isn’t allowed, except perhaps by written authorization. Software Alliance and other experts Applications for exceptions should be in writing. coalesces around three critical steps: The allowed list should be accompanied by a blacklist of 1. Know, or find out, what software specifically disallowed software, principally peer-to-peer the organization has. file-sharing programs. P2P software exposes 2. Compare the organization’s the enterprise to two dangers: illegal copying needs with what its license and the importation of malware. agreements provide. A prohibition on user-installed software: The network 3. Adjust inventory, policies and administration can enforce this rule centrally, so that only management approaches to someone logged on as an administrator can download, alter keep requirements, licensing and or copy software. software instances aligned. Some organizations establish a policy board that Broken down in that manner, managing may consist of representatives from the IT team, software seems simple. But even purchasing and accounting. Responsibility for software before an enterprise begins a software asset management should reside with one person. asset management program and buys That individual becomes the person responsible for a tool to carry out SAM, it should have conducting the SAM cycle, maintaining the records some preliminary steps in place. and answering questions about the program.

9 chapter 3

Leading SAM Applications The SAM Cycle The software asset management SAM applications range from single-brand license compliance tools to full- cycle can be broken down into three fledged management suites that let the IT department track hardware and primary steps. This cycle addresses the software. ITIL standards recommend integration of software services with key steps needed to effectively manage hardware as a best practice. an organization’s software resources. Once implemented, it can be repeated and Most vendors provide free, downloadable trial versions of their SAM tools. followed through on an ongoing basis. Vendors continue to emphasize tools to ease the migration of users from SAM Cycle Step 1: Review. A baseline Windows XP or Vista to Windows 7. inventory of software will enable the Given the growth of Apple OS X by users in large enterprises, most of the suites IT staff to later craft a migration path now track these assets. Here are examples of some of the more robust SAM toward sound software management. tools available. Many organizations are often shocked by the number of out-of-date, unlicensed CDW Software License Manager: This is offered free to customers and shows and unauthorized applications found what licenses are about to expire. It provides a complete, detailed purchase on their networks. This often varies history, including the types of licenses purchased (for instance, single-box from department to department. or enterprise). For example, a creative group is more CDW’s Software Asset Manager: This solution is available for purchase and it adds likely to have third-party add-ons or functionality to the free license manager. It gives information on an organization’s plug-ins to the tools they use, such the entire software landscape, licensed and unlicensed, including software that Adobe suite. Engineering teams are also the organization may be entitled to but is not using. It also tracks hardware. fertile ground for highly specific but unsupported applications. Adherence to LANDesk Software Management Suite: This is a toolset composed of software policy is likely to be more buttoned-down distribution, license monitoring and hardware power management resources. in finance or accounting departments. LANDesk Software has updated the suite to optimize it for management of In theory, IT staff could conduct a mobile devices, including the software licenses that might be on them. software inventory by hand, but that’s Microsoft System Center Suite: This offering provides asset lifecycle hardly practical for medium or large management capabilities, visibility into existing software assets, and integrated inventories. This task can be handled by a physical and virtual server management and monitoring among its software discovery tool, which could be numerous capabilities. one component in a vendor’s suite of SAM tools or perhaps a stand-alone product. Microsoft’s Asset Inventory Service (AIS): This tool provides a comprehensive Some vendors offer SAM tools view into software assets deployed on desktops across an organization, scanning for their own products, which can this inventory and translating the collected data into actionable information. often be downloaded for free. Microsoft Windows Intune: This cloud service is a single, easy-to-deploy Commercial products such as solution for PC management and security. It provides updated management Microsoft Asset Inventory Service and asset inventory within a unified experience. This solution also includes include a knowledge base of most upgrade rights to Windows 7 Enterprise and future versions of Windows. commercially available software titles. In general, SAM discovery tools have Novell ZENworks 11: This is a four-component suite of tools for managing assets, two components: an agent installed configuration, endpoint security and patches. The asset management tool tracks on each client machine and a console licenses plus details of usage, even for multiple application users on a single for viewing and managing inventory machine. It features “connectors” to resellers from whom the organization may and reports. Among consoles, which have acquired software, and normalizes license data from multiple sources. some vendors call dashboards, the Symantec’s Altiris Asset Management Suite: This solution approaches IT staff will find applications that run software asset management from a lifecycle and configuration on a single device and those that management perspective. Recent versions have improved search tools are accessed via a web browser and an ITIL-compliant configuration management database that lets an from anywhere in the enterprise. organization model the financial impact of changes to products tracked.

10 CDWG.com/softwareguide | 800.808.4239

• REV In order to enforce policies down to the L IE individual user, inventory tools should O W O view not only the rolled-up number of T instances of a software application but • E also what is running on each client device. The R R

/ This view will let the IT department root E C

out unlicensed and rogue applications. R

O

E SAM

The inventory will become useful as a

E

component in asset management only Cycle N

N

C

I

when paired with the organization’s I G

L

E

N

E collected software licensing

• E

agreements. It also creates a list of R authorized, supported applications. SAM Cycle Step 2: Reconcile. Once the IT department has essential data on software assets (the inventory of what is loaded on systems and the licensing agreements), it can answer several vital questions: • What application instances are not backed by a license? • Which applications does the organization possess unused licenses for? • How extensive is the collection of unsupported, rogue applications, and who has them installed? SAM Cycle Step 3: Reengineer and Retool. Armed The reconciliation stage also helps with the knowledge from the discovery and cataloging answer more subtle questions, which can process, the organization can take a number of steps to yield cost savings, such as the following: ensure that it stays in compliance with its own policies • Are all instances of a support and with the requirements of its software licenses. application up to date (in terms of If a software purchasing practice results in excessive version and patches)? Matching purchases, the knowledge gained from the SAM tool software means fewer work hours will help make the case for ending that practice. devoted to support. SAM also can help with hardware management. When • Are the license agreements effective? examining devices for software, the IT department For example, 1,000 single-user can also check hard-drive utilization rates, operating licenses for a product and 1,000 system versions and configuration information. This copies might clear the organization can help optimize end-user work by letting the IT group from a compliance standpoint. But better match applications and software to hardware financially, it makes no sense given capabilities or know when to replace hardware. the savings that could be realized A mismatch between license information and installed with an enterprise license. copies yields clues to unused hardware containing valuable • Is every installed, licensed copy licenses or software that have been purchased but not actually in use? Can the IT department installed. So, while SAM can reveal the need to buy licenses consolidate and cut licensing costs? to remain in compliance in overuse situations, it also might • How compliant are users within reveal opportunities for getting better licensing deals, reducing the organization? licenses to match needs and recovering unused assets. 

11 chapter 4

Reducing Unnecessary Software Spending Preparing for an Audit Improving Software Management Using the Right License Vendor Assistance

Licensing Management

Taking the necessary steps for smart compliance

Insufficient management of an of total software spending, by organization’s software licenses can user group or department, and by easily incur unnecessary costs. Unused application. An organization saves by licenses represent budget spent on matching copies precisely to its needs idle assets. Those numbers multiply without having to create a safety if a department orders a copy of an margin by overbuying. Why should an application for which it already has an organization have 250 licenses for an unused license. Unlicensed instances can application when it needs only 237? result in fines and expensive legal action. Plus, having an enterprise And mismatching license types with view of requirements puts the enterprise requirements is likely more purchasing authority in a stronger expensive per license than necessary. negotiating position with software From a cost standpoint alone, it makes manufacturers and resellers. Through sense for an organization to closely proper management of software scrutinize its software assets. Legal and licenses, organizations can achieve reputational considerations strengthen a number of important objectives. the case for management tools. Imagine the consequences if an organization Reducing Unnecessary were found to be a software pirate. Software Spending A third argument in favor of thorough Reducing spending starts with license management focuses on software discovery and building indirect costs. Understanding the out a comprehensive database of version and patch history of software software assets. The database should assets lowers the cost of administering relate each software instance to its them, reducing hassle for end users acquisition documentation, license and saving time for the IT staff. agreement and location within the This all adds up to better control enterprise. The goal is to have a

20 CDWG.com/softwareguide | 800.808.4239

precise match between licensing prevents those services from being the vendor are likely to be caught by entitlements and the software in use. applied to software no longer in use. surprise when license mismatches are The IT staff should not overlook identified. The organization may find that the variations in license agreements Preparing for an Audit it has been paying way too much, or it that result when an application or There’s been a great deal of debate could face sudden license costs as well as operating system resides on either a about intellectual property and ways harsh fines — and that can occur for each physical or virtual machine. Streamed to protect it. IT organizations and vendor that decides to perform an audit. applications accessed online by end researchers report an uptick in the audit On the other hand, the audit can users or partners might also have activity of software vendors. That’s one run quickly and efficiently if the different licensing treatments. reason a SAM program is so important. organization has the SAM-generated Still another variable to consider A second reason is that it will reveal reports that match software instances, is cloud computing. Most cloud rogue software that could potentially licenses and license agreements. agreements give the cloud provider expose the organization to legal trouble some leeway on the physical location unrelated to its software vendors. File Improving Software Management of a given customer’s computing sharing, gambling and even unauthorized Better software management resources. This brings another layer software used for legitimate work practices also flow from continuous audit of complexity to the maintenance purposes — many troublesome scenarios preparation. Armed with a continuously of a software inventory. can come to light in the discovery phase. up-to-date dashboard, the IT shop SAM tool vendors such as Symantec An audit can go one of two ways. In becomes more efficient at provisioning recommend quarterly reviews of the absence of an organized approach to new users and pulling back licenses from software contracts. This periodic software asset management, an audit people who depart or change jobs. approach helps to ensure that the can turn into a nerve-wracking fire drill And because state-of-the-art tools organization doesn’t drift out of as the IT group, legal, purchasing and give detailed information about the compliance with license agreements. accounting departments pull together version and patch status of software, It also keeps unused assets from piling documentation to build a picture of the the IT team can better plan the work of up. An ongoing SAM program reduces organization’s software landscape. upgrades and configuration management. maintenance and support costs if it Of course, both the organization and These packages, briefly described in

21 chapter 4

Chapter 3, typically come with workflow A final factor is how the software is tools that automate SAM practices. deployed. The organization may use it For example, a request for software for development, testing, production or would trigger the appropriate approval runtime, or it may be publicly accessible CDW•G: and registration processes, touching the via the web. IT, finance and purchasing departments. Helping Make When the software arrives, the SAM Vendor Assistance the Most of suite automatically registers installation A large reseller has the technical and records license compliance, serial resources and experience to consult Microsoft number, support agreements and with volume software buyers, keeping The IT department should not any other pertinent information. them in compliance and helping to ensure undertake licensing agreements Organizations should look for tools that they use the most advantageous on its own. The legal and finance that fulfill IT Infrastructure Library volume license agreement. departments should also be (ITIL) requirements, including vendor This process typically begins with included. Large software vendors neutrality. Vendors of widely used or an assessment of the computing offer many resources, but taking industry-standard applications often environment and organizational goals. advantage of them requires an supply discovery and license compliance The assessment includes examining the organization to do its homework. tools, but only for their own products. customer’s internal processes for managing ITIL practice also promotes the ability licenses, vendors and procurement. And Microsoft provides a good example. to generate comprehensive reports, it will look at whether there is sufficient Its volume licensing reference guide enabling the enterprise to answer support for the SAM process itself from is thorough and well-written, but questions an auditor might have. The senior management. The SAM team will it is 73 pages long. That’s because same reporting function helps the obtain answers to questions such as: its customers range from small IT shop survey software assets for • How does attention to compliance businesses with a few PCs to the version, support history, even bug vary among departments? largest global enterprises. and crash patterns leading to more • Are processes too reliant on manual or CDW•G’s team of Microsoft proactive system administration. homegrown tools that don’t scale well? experts are also available to guide • Where is licensing and other organizations through the entire Using the Right License software information — gathered lifecycle of Microsoft enterprise and The fundamental decision when centrally or scattered among end-user software products. As a purchasing software for the enterprise teams and departments? gold-certified Microsoft Partner in is what type of license agreement to • Are procurement, chargeback and nine competency areas, including use. Software acquisition gives the tracking processes adequate? volume licensing and software asset buyer the right to use the vendor’s • How does virtualization affect licensing management, CDW•G’s licensing intellectual property, but that right is agreements and compliance? specialists can get an organization up limited by the licensing agreement. Asset management is typically the to speed quickly on acquiring the right In general, basic license agreements centerpiece of a range of software-related software and managing it effectively. preclude copying the software, making services that vendors offer. Making it available to multiple users or deploying use of a professional services group CDW•G can help customers choose it outside of the organization. to assess software needs can improve from among Microsoft’s wide range of Several factors determine the most the likelihood of having a controlled, licensing plans, including Open Value optimal type of license agreement. compliant software inventory. for organizations with fewer than First, there’s the issue of the number This team can also oversee installation 250 PCs, and Select Plus for larger enterprises. Microsoft also offers two of user licenses needed. Another and configuration, the kinds of chores that types of enterprise agreements for important consideration is the keep IT staff from devoting more time very large organizations, with both architecture under which the software to strategic application development. purchase and subscription options. will be installed. Software instances In short, outsourcing the operational can occur on each end-user device, steps of software asset management on a server, in the cloud as a service, optimizes the deployment of software or as multiple virtual machines on while keeping costs under control.  two or more physical servers.

22 chapter 5

Infrastructure Optimization Security Unified Communications Continuity of Operations

Software Solutions

An array of options available to address most any IT need

With a framework for managing application, as a logical (virtual) unit. performance down to the individual the organization’s software assets in A physical x86 server that may have virtual machine. Plus, vSphere 5 supports place, the IT department gains freedom been devoted to one or two applications USB 3.0 and Apple OS X Server 10.6. to do its primary job: optimizing the (and operating at 20 percent of capacity) Microsoft’s Windows Server 2008 technology infrastructure to best can potentially host 20 or more virtual R2 Hyper-V ships as a stand-alone support the missions of the enterprise. machines. That consolidation ripples product or with the company’s Windows This chapter will review important outward through the infrastructure, Server enterprise edition. When classes of enterprise software solutions generating savings on hardware, coupled with Microsoft’s System Center and provide some guidance on how to real estate and electricity costs. solution, this server virtualization sort through the available options. The virtual machines themselves platform provides a highly reliable, can be replicated at regional clouds scalable and manageable data center. Infrastructure Optimization or data centers, or moved among Citrix Systems’ XenServer features This class of software stays invisible to them at wirespeed for backup, simple, per-server pricing options. users, but infrastructure products form redundancy and failover, as well as more Version 6 adds tools for managing the enabling foundation for a secure, efficient use of network capacity. a virtual network and distributed mobile, work-anywhere enterprise. A few proven products dominate access management to applications. the server virtualization market. Server Virtualization VMware’s vSphere 5 is the latest version Client Virtualization The concept of virtual machines dates of the manufacturer’s core product. Client virtualization follows server to the earliest mainframe computers. It features an updated hypervisor virtualization in many organizations. But server virtualization has thrived architecture. The hypervisor includes Converting users’ computing resources to in enterprises looking to both cut a layer of software that mediates virtual machines simplifies administration infrastructure costs and optimize their between the operating systems of the and allows deployment of secure, systems for web applications, mobility, virtual machines and the hardware. inexpensive thin desktop clients. It also security, availability and performance. The vSphere 5 software has improved promotes mobility, because a user’s state Virtualization renders all of the tools for managing storage, and it is no longer tied to their desktop machine. elements of a server, from storage to lets the system administrator control As expected, the server virtualization

23 chapter 5

leaders also offer client products. Citrix among multivendor storage area networks. HP LeftHand P4000 XenDesktop, Microsoft Application Virtual SAN Appliance Software is a virtual machine itself, tuned to Virtualization (App-V) and VMware View optimize storage availability to ESX and Hyper-V virtual machines. take different architectural approaches, IBM’s System Storage SAN Volume Controller is highly scalable and but all support remote access. features an optimizing function for fast Tier 1 solid-state storage. Microsoft App-V delivers online applications even if the app is not Storage Management installed on the client. VMware Analysts sometimes characterize storage as the dog wagging View and XenDesktop virtualize the IT tail, in that such a basic commodity consumes so much time and the user’s image, including the money. That’s why storage management solutions should be a part operating system. Another entrant, of any IT optimization strategy. Symantec Endpoint Virtualization Storage management encompasses several functions besides the Suite, features “reharvesting” of basic I/O writing of data. It also includes assignment of data to the software licenses from virtual user correct storage tier, depending on frequency of use and retrieval machines to help ensure compliance. speed requirements. This ensures that backups occur on time and without errors, Storage Virtualization maintaining high availability so applications keep running. It optimizes Virtualization doesn’t end with allocation of capacity and storage networks to maintain individual computers. Storage high utilization rates. virtualization separates logical blocks The top products also include important storage utilities such of data from physical disks. Its goal as online encryption, deduplication, tape support and connectors is to simplify application and user to specific storage brands. IBM Tivoli Storage Manager provisioning and to add capacity. A encompasses 10 components available separately or as a bundle, four-tier, enterprise storage complex all controllable from a single console. may have scores of arrays, each with EMC (the parent company of VMware) offers comprehensive storage its own network connections and each management tools aimed at optimizing virtualized environments requiring settings for how their capacity in the cloud delivery model. Symantec Enterprise Vault specializes is allocated. Virtualization hides and in archiving and retrieving unstructured data such as e-mail and manages that underlying complexity. documents, while managing that data’s storage in the appropriate tier. Storage virtualization presents a single management console to systems Infrastructure Management administrators through which they Managing infrastructure resources is part of optimization — in can create storage pools allocated some ways the function that ties it all together. VMware offers a per application and per storage tier converged approach to management, which gives IT a single view (depending on the service requirements into both virtualized and cloud environments, and across applications of the application) without regard and functional areas such as data center operations and to which individual subsystems application development. might physically house the data. It does this by embedding agents that monitor vSphere functions It also eases administration, as where they occur. Converged management, the company says, offers operators need to learn only one a high degree of automation in addressing performance problems and management console, even in restoring crashed or corrupted machines, as well as in provisioning heterogeneous storage environments. new servers or clients. And virtualization increases utilization Microsoft’s System Center 2012 is a comprehensive monitoring rates of disk systems, so organizations and management platform that spans the data center to the can avoid unnecessary investment desktop. With this resource, organizations have the ability to in capacity. start with the tools they need, from desktop management to data Leading storage virtualization center automation, adding software and features as they grow. software includes EMC’s Invista, a With the App Controller and Virtual Machine Manager features, software-only solution that lets an System Center gives organizations the tools they need to manage administrator move virtual volumes their public and private clouds. Orchestrator and Operations Manager

24 CDWG.com/softwareguide | 800.808.4239

provide the ability to automate day-to- for specific enterprise applications such day tasks and monitor infrastructure. as e-mail or Microsoft SharePoint. Service Manager offers an ITIL and Symantec takes a comprehensive Microsoft Operations Framework (MOF) approach in its DLP solution, starting problem and change management with discovery of sensitive information. system to track incidents in the Then it automatically applies rules for environment. And Configuration Manager who can access, read, alter or copy it. provides a means for organizations to Symantec’s DLP solution works on manage their desktops and servers. tablets and tracks social media and enterprise data. Plus, it includes a new Tactical Advice Security tool to speed discovery and protection of Few IT challenges vex organizations intellectual property such as source code. Managing more than security. Upcoming comprehensive cybersecurity legislation Threat Prevention Malware will begin to federalize standards for Cybercriminals use a variety of Learn some techniques that how enterprises secure networks techniques to gain access to enterprise will improve an organization’s that control critical infrastructure. networks. Software that counters security strategy: Cybersecurity cuts across all of the risk this falls under the general category silos organizations deal with: continuity of threat prevention. The latest threat CDWG.com/softwareguideta of operations, legal compliance, end vectors include socially engineered user and partner faith, privacy liability. spam. Also, criminals use techniques This occurs against a backdrop of an such as embedded links to malware enterprise products. General software ever-changing threat environment. in websites, denial of service attacks manufacturers such as CA Technologies and sophisticated password cracking offer a wide variety of authentication, Data Loss Prevention to gain administrative access. Social governance and access control products. Sometimes threats gain access to media have also provided new avenues Companies such as Websense network resources. That’s where DLP for malware and data theft. approach security from the content and software comes in. DLP has evolved Repelling these attacks requires data point of view, and offer special tools in recent years from its origins in defense in depth. This means using for protecting enterprise information on compliance for regulated data. Online a variety of tools in concert with social media. Network hardware vendors privacy concerns, data location continuous monitoring of network traffic. such as Cisco tend to take the appliance proliferation caused by mobile devices Network intrusion monitors, approach, offering integrated hardware- and adoption of cloud computing have sometimes hosted on dedicated software security solutions. Microsoft’s all driven DLP toward deployment for rack servers, have sophisticated Forefront Security product line provides all types of enterprise information. profile libraries to stop unwanted an end-to-end set of security solutions, Comprehensive products such as traffic. Tools to mine network activity signaling the company’s continued CA Technologies’ DLP solution provide logs provide clues to sources and investment in this area. end-to-end protection using a portfolio methods of intrusion attempts. of technologies. It distinguishes classes Endpoint tools such as antivirus and Secure Remote Access of data, such as personally identifiable antispam software continue to play a With the growth in mobility, secure information or intellectual property. role in cybersecurity. But hosted content remote access tools have become Software from others, such as filters or blacklists of known or suspected increasingly popular. The challenge is Check Point, protects applications malware senders can prevent malware- to maintain security while providing a from unauthorized users while keeping laden e-mails and attachments from responsive, satisfying remote- potentially dangerous applications from reaching users’ in-boxes in the first place. user experience. accessing the network. McAfee ties Numerous vendors function in Secure Sockets Layer virtual private DLP to deep content inspection and the the highly competitive market for networks (SSL VPNs) constitute ability to roll back network audit logs for a cybersecurity tools. Symantec and the basic building blocks of secure forensic look at potential losses. Another McAfee continually expand their remote access. A VPN is a persistent DLP leader, Trend Micro, offers solutions portfolios from individual workstations to connection using the public Internet

25 chapter 5

between two points, using encrypted PGP Whole Disk Encryption, which Unified Communications traffic and added features such as ensures that a lost or stolen device won’t Traditionally, organizations would quality of service (QoS) and routing. yield data. Trend Micro sells a suite of pay to own and operate two separate Analysts point out that as more products covering remote patching, networks — telephone and data. A organizations let workers use personal multiple operating systems, mobile unified communications strategy devices for work (known as “bring devices and virtualized end users. reduces costs by moving telephony, your own device”), they need to install Check Point’s Endpoint Policy video, instant messaging and call center network access controls (NACs) Management suite provides a central management to a common IP network. capable of profiling individual devices console for administering user access Unified communications requires and carefully delineating which areas and device security configurations. interoperability among applications. The of the network they can access. McAfee takes a device-level approach Session Initiation Protocol (SIP) is the VPN leaders include Cisco, which to encryption, with products that can standard used to achieve interoperability. offers VPN technology for both site-to- encrypt an entire hard drive or selected SIP has been around since 1999, but it site secure connectivity and for remote files and folders. Encryption can also continues to evolve. SIP doesn’t cover all access. Juniper Networks also has a broad apply to USB drives and other removable functions or applications. But vendors in line of VPN and NAC products. Check media. Microsoft Windows 7 client the IP communications field tend to adopt Point offers what it calls software blades provides native drive encryption, which it as the foundation for their products. for endpoint and network security and is applied to the local hard drive and can In choosing a UC product vendor, related functions. Combinations of blades also be extended to removable media. look for standards support but also run on a single appliance from which Host-based intrusion detection/ for innovation that will let the user add they are centrally managed. Microsoft’s prevention systems, such as Cisco’s platforms and applications going into the DirectAccess provides seamless, secure IPS 4200 Series, combine hardware future. The big trend in UC is incorporating remote access for Windows 7 clients. and software in turnkey appliances that mobile devices, enabling them to take NetMotion Wireless specializes in usually sit at the edge of the enterprise on the same functions available to mobile secure access for Windows network. They detect and trap malicious deskphones and other endpoints. clients and on addressing the challenges intrusion attempts using a knowledge of maintaining persistence using base of unwanted behaviors. Packages IP Telephony cellular networks as the transport may combine edge appliances with IP telephony looks to users like medium. SonicWALL’s Mobile Connect endpoint firewalls and antivirus software. traditional telephony. People have VPN for mobile devices works with desk sets with all of the functionality a variety of operating systems, Risk Assessment & Compliance of standard switched-circuit phones including iOS, Android and Linux. Organizations operating in regulated (and a whole lot more), but the NAC leaders also include CA, fields must periodically certify that they features are available digitally. The Check Point, Cisco, Juniper, McAfee, are following regulations and guidelines routing infrastructure that replaces Microsoft and Symantec. for data security and risk mitigation. Risk a traditional private branch exchange Highly secure remote access often assessment and compliance software can moves to the data center. encompasses two-factor authentication; help do just that. The elements of such Cisco’s Unified Communications for example, a fingerprint and a software amount to data governance. Manager Session Management Edition password. Known for its encryption No single tool provides instant risk is a major player in this market. Together products, RSA (the security division assessment or regulatory compliance. with Cisco’s Unified Border Element of EMC) also offers one-time random But by combining network assessment, (CUBE), it acts as an IP integration hub password generators that can be used identity management, access control for a variety of devices and services in conjunction with regular passwords. and audit tools from companies such as within an organization. Avaya’s Quest, McAfee and CA Technologies, Aura is its underlying architecture Endpoint Protection the IT group can achieve assurance that for SIP unified communications, Some organizations encrypt sensitive data is secure and manipulated only combined with the Avaya Agile data accessed by notebook PCs and by those who have the authority to do Communication Environment. ACE other devices, both in motion and when so — and demonstrate to financial or links operations processes and stored. Endpoint protection software regulatory auditors that this is the case. systems to the communications includes products such as Symantec’s infrastructure, Avaya says, for improved

26 CDWG.com/softwareguide | 800.808.4239

collaboration within the enterprise. VoIP calling and instant messaging. than customers’ experiences with call Both Avaya and Cisco make a wide It integrates with Office applications centers. Contact center management range of hardware and software and works at fixed endpoints or on starts with establishing clear platforms, principally appliances to mobile devices. To give users and performance goals, metrics by which to host their enterprise software and IP administrators a single contact list, measure progress and effective training telephones. Some combine services Lync connects to Exchange Server. of call center operators. After that, such as telephones with built-in video Microsoft’s Office 365 brings together technology puts the plans into action. conferencing. Avaya’s Flare, an iPad the company’s Office 2010 with cloud- Enterprises are increasingly turning application, combines the organization’s based shared documents, instant to distributed call center agents using employee directory with mobile messaging (IM), web conferencing and multiple incoming channels. Cisco’s IP phone and text messaging functions. the power of Exchange Online with contact center technology exemplifies ShoreTel’s Core Software emphasizes 25-gigabyte mailboxes and built- this approach. IP telephony applied simplicity in achieving UC, providing a in layers of antivirus and antispam to call centers gives detailed reports central point into which an organization protection. This comprehensive solution on call center performance metrics can plug its applications into. provides enterprise-grade tools at down to the individual agent. It also lets a predictable monthly cost and no centers allow people to contact the Collaboration & Conferencing upfront infrastructure investments. organization not only by phone, but also A major benefit of unified via e-mail and live web chat sessions. communications, improved collaboration Messaging Technologies At the core of the top vendors’ stems from richer conferencing Organizations are turning to more contact center software solutions is technology that was not available efficient messaging technologies. intelligent routing. This technology with legacy telephony. Growth in Messages might occur person to lets the call center automatically send teleworking and mobility, coupled with person for instant collaboration or calls to the first available, least busy or a decreasing appetite for the costs and fact checking. Device-to-device most expert operator, depending on inefficiencies of work-related travel, messaging can synchronize host-based the rules the organization has built in. IP has driven organizations to find ways information with mobile devices, or standards let operators work anywhere. for people to collaborate, even when vice versa, for everything from a new Avaya’s Call Center Elite, offered they are separated by distance. contact to updated organizational data. under its Aura architecture, is Adobe Connect uses Flash IBM’s Lotus Notes client software available directly or via carriers as a technology as the basis for its rich (mobile or fixed endpoint) provides managed service. Avaya’s Social Media webinar software. Online events can the front end for workflow-driven Manager follows Twitter postings scale to thousands of simultaneous information updates to users’ social, for keywords and routes them to participants and can incorporate rich contact, calendar and business its contact management software, media, including high-definition video. applications. It includes instant where they can be handled by call Citrix GoToMeeting is a hosted service messaging and access to coworkers’ center staff. Cisco’s Unified Contact requiring a small agent on participants’ status. Notes works in conjunction with Center Enterprise stores information PCs. Users can initiate meetings Domino, an enterprise platform that about end users so organizations spontaneously or schedule them ahead hosts applications. Domino controls can prioritize their inquiries. of time. During meetings, they can share workflow and other workflow processes. content and view each others’ desktops. Microsoft’s Exchange also operates Continuity of Operations IBM’s Lotus brand groups a large on desktop PCs and mobile devices. It Always-available IT provides suite of collaboration products. The gives a unified front end for users to see assurance that work processes suite includes software for unified and manage all forms of communication: and online presence will continue communications, social media, e-mail, voicemail, instant messaging, even during a catastrophe or other collaboration for mobile devices RSS feeds and calendar invitations. operational threat. That can mean and messaging. there is little danger of permanently Microsoft’s Lync Server 2010 is the hub Contact Center Management losing records. But to assure of the company’s unified communications Few things can enhance (or potentially continuity of operations (COOP), an strategy. Lync forms a platform that damage) the reputation of private- organization’s IT department has to supports audio and video conferencing, and public-sector organizations more make sure it has fail-safe technology.

27 chapter 5

Backup Strategies Archiving Properly architected backup No organization has infinite disk storage, so ultimately, data must pass from strategies form the foundation of COOP. primary storage to an archiving system. Archives, depending on required retrieval The top solutions let an organization speeds, typically consist of tape or optical storage. tune its backup processes so that The enterprise backup products mentioned previously also provide file archiving the backup facilities are never too far functionality. In addition, CommVault Simpana Archive suite includes specialized behind production systems in terms e-discovery archiving and retrieval software. Symnatec’s Enterprise Vault focuses of time or number of transactions. on unstructured data, taking a document-centric approach to archiving. The terms recovery time objective Microsoft’s Exchange Online Archiving is a cloud-based, enterprise-class (the acceptable period of downtime for archiving solution for Exchange Server 2010 Service Pack 1 (SP1) or later on- a process) and recovery point objective premise organizations. This solution allows an organization to host users’ primary (the maximum time needed to recover mailboxes on on-premise servers and store their historical e-mail data in cloud- data) are important when considering based archive mailboxes. It can assist with archiving, compliance, regulatory and solutions in this area. Acceptable RTO and e-discovery challenges, while simplifying the on-premise infrastructure.  RPO depend on the operational focus. A high-volume transaction environment such as a university course registration Backup Is Only Half of period or a local government tax payment deadline has requirements in Continuity of Operations the milliseconds, whereas a brick-and- Backup technology enables high availability but doesn’t by itself provide it. As the mortar operation might be able to tolerate corollary function to backup, recovery uses backup data to restore functionality. minutes or even hours of downtime. Other important features include To be sure, data backup must be comprehensive. Application data alone won’t granularity in backup at both the file and ensure recovery in all instances. Full recovery sometimes requires a backup of system software levels, and coverage the application itself and the operating system over which it is running. That of heterogeneous, multivendor systems includes all of the updates and patches. in a single package. Additional key Bare-metal backup may put an entire application environment, complete with technologies for efficient storage and moments-ago data, on a new server in the event of a failure. Or, backup may recovery are incremental backup (that involve a complete virtual machine restored to a running server if the VM is is, backing up only changed data), built- corrupted, or to a different server in the event of a hardware failure. in deduplication and compression. Acronis Backup & Recovery 11 is Still, presuming full backup, recovery also requires other software capabilities, one top solution, adding stronger including the following: support for Linux, tape emulation on disk and virtual machine backups. • Continuous operation: In smaller organizations, users might be able to get IBM’s Tivoli Storage Manager suite away with periodic backups. Enterprises need continuous backup, coupled with intelligence and analytic capabilities to conserve disk space and bandwidth includes robust backup and recovery by only backing up data that has changed. software. Tivoli Storage Manager and CA Technologies’ ARCserve feature a • Server support: This includes support for clustered servers, side-by-side virtual single point of control for backing up and physical servers, and replication over the WAN to ensure that physical data distributed environments and are geared center damage doesn’t wipe out both production and backup environments toward high application availability. simultaneously. These products back up both physical and virtual machines, and have tools to • Hybrid environment support: This includes having some applications and data warn of potential data storage capacity hosted in a third-party cloud. problems. Symantec’s Backup Exec 2012 • Automatic failover: The complexity and speed of a transactional computing is another enterprise solution covering environment requires recovery software to kick in without operator intervention. physical and virtual servers and providing highly granular application data backup.

28 chapter 6

What Is SaaS? SAM and SaaS Maintaining a Hybrid Environment Preparing for SaaS

Software as a Service Determining when a software subscription is the best option

Software as a service (SaaS) has What Is SaaS? emerged as a way for enterprises to Software as a service delivers gain the benefits of software without application functionality from a central the cost and complexity of actually host, granting user access from any licensing it. Because “buying” is, in client hardware, typically via a web essence, licensing the right to use browser over a secure connection. In the software, buying into the SaaS model most common pricing models, SaaS is distills the benefits of enterprise priced per user, per month or per year. applications from the complexity of SaaS gained its enterprise foothold licensing and maintaining them. with human resources services such The model itself isn’t new, though as payroll and customer relationship it failed to catch on with large management (CRM) software. organizations that had the in-house The moniker SaaS came later. capability to handle software when SaaS Today, many more applications emerged a decade ago. Today, concern are moving to the SaaS model, with costs and other constraints in most notably personal productivity deploying necessary capabilities is software. Behind many organizations’ prompting many large organizations adoption of services such as Microsoft to look seriously at the SaaS model. Office 365 is a desire to reduce An explosion in cloud computing operations and maintenance costs. capacity and falling costs for high-speed E-mail is a case in point. It appears networking have also sparked interest an inexpensive commodity from the in SaaS. User virtualization, telework single-user point of view. But at the and mobility together form a third enterprise level, with the administration driver of interest in this technology. required by multiple directories, coupled with the disk storage and server

29 chapter 6

capacity it requires, e-mail costs add up. be able to replace “thick” PC clients with less expensive (and Collaboration tools such as SharePoint are more secure) display terminals running only a browser. becoming more common as online services. Staff support: SaaS vendors stress the gains of instant Document and word processing packages, provisioning of new or changed users versus whatever which act like wikis in the SaaS model, reduce administrative work a licensed version requires of the staff. confusion and lower storage requirements The service provider handles administration of the software because users don’t have to sort through itself — updates, patches and version replacement. version after version as documents evolve. Payment systems: What payment systems does the vendor Two basic delivery models apply to SaaS. offer? The most common type of payment is per user, per The publisher of the software may host the month. Vendors of CRM and HR software may also price their application itself, delivering it to the customer products as hybrids, with per-transaction fees applying. Vendors via its own data center. Or third-party may also add fees for exceeding preset storage limits. partners work with the software publisher. Response times and user experience: Delays When looking at SaaS, an organization’s caused by service delivery over a wide area network analysis should take into account several ancillary can negatively affect mission delivery. cost considerations, including the following. Security: SaaS providers realize that security tops their Infrastructure: What effect does moving to an customers’ list of concerns. The National Institute of Standards on-demand application have on hardware and and Technology has developed, in conjunction with both business networking requirements? While some support and government groups, extensive security standards for cloud gear, such as specific servers, may no longer be computing. Reference these standards in service agreements. needed, organizations will likely need to make Also, keep in mind that all data is not equally sensitive. upgrades to their LAN and WAN infrastructures. Since more stringent security entails higher costs, reserve At the user level, the IT department may the highest security requirements for the most sensitive

30 CDWG.com/softwareguide | 800.808.4239

data, such as personally identifiable information, intellectual property, financial documentation and any data subject to state or federal regulation.

SAM and SaaS An obvious question arises with growing CDW•G frequency as enterprises adopt software as a service: Is software asset management needed when in the Cloud consuming software as a subscription and the vendor Planning is the most important element in is metering the number of instances it uses? deciding when and how to move to cloud The answer, in essence, is no. Organizations computing and software as a service enter into SaaS agreements precisely because (SaaS). As a licensed reseller of scores they yield benefits similar to SAM. of software brands and hundreds of For example, an organization will face fewer software applications, CDW•G has the resources audits. It won’t have to worry about a vendor or third- to help even large enterprises better party launching an audit when the vendor maintains understand their software requirements all of the licensing and usage information itself. and the best approach to fulfill them. SaaS customers, thanks to reports provided by • SaaS vendors, will gain a clearer understanding of their CDW G’s professional services group enterprisewide software requirements and usage patterns. has more than 500 engineers available to assess an organization’s current Beyond simplifying software asset management, technology, plan what it will need SaaS provides technology benefits that can save for future operations, and design an money by helping the IT department avoid certain infrastructure to support it all. tasks required of on-premise software. For instance, vendors apply security patches. When they upgrade Beyond that, CDW•G provides managed applications, the new functionality simply exists services for cloud computing. Many at the next user login. If an upgrade results in bugs, organizations try cloud computing as they often do, the vendor takes care of it. for their application development SaaS also brings an added level of continuity of environments. Platform as a service operations assurance, because applications and user (PaaS) is a hosted approach to data are housed remotely. software development tools and the Many SaaS vendors let organizations customize underlying hardware resources needed otherwise standard applications. For instance, the to support them. Development then customer might be able to specify how the interface operates separately from critical appears to its own users in the case of customer service production environments and doesn’t apps. Most enterprises want their own logo, typography require in-house IT support. and color scheme to appear to staff and customers. CDW•G’s infrastructure as a service (IaaS) So generally speaking, SAM, as practiced for software provides new or expanded computers, acquired and maintained by the organization, doesn’t really storage, networking and other data apply to a SaaS deployment because the hosting vendor center essentials from a secure location. monitors how many licenses or users the client has. This setup lets organizations scale their But that’s not true across the board. In cases where capacity up and down quickly, using SaaS usage is assigned to specific users, the organization products from top manufacturers such may not exceed a specified number of users. That is, two as VMware, HP, Microsoft and NetApp. or more users may not be allowed to access a license. Some SaaS suppliers reserve the right to compare login records, including passwords, with the agreed- to users. Service agreements typically provide for additional payments if the software provider discovers users have exceeded the agreement.

31 chapter 6

The IT department doesn’t necessarily How scalable is the application? Each class of application have visibility into the activities of has competing vendors. Some are purposely oriented toward SaaS use within departments or small- or medium-size enterprises. They likely use a bureaus. So when undertaking a SaaS multitenant hosting setup. deployment, it may be necessary to Large enterprises may have the clout to negotiate exclusive notify users that specific terms of tenancy. That might include multiple locations to minimize network service apply and that they aren’t latency. The main consideration is whether the vendor’s allowed to exceed those terms. environment, help desk and concurrent user capabilities can accommodate needed service levels. Maintaining a Hybrid Environment Also, organizations should take into account their growth or change There are few types of software that curve. SaaS can often provision new users, or deprovision users are not available as hosted services these who are leaving or changing jobs, much more quickly than in-house days. Even software asset management staff can when applications or agents run on individual machines. itself is available as a service. Other What staff size and expertise are required? Maintenance classes of applications available as a and upgrade requirements vary among applications. The service include cybersecurity, social decision to let a vendor manage software depends on whether networking (for use in customer the staff has the skills for a particular package, or whether the surveys or satisfaction measurement) administrative overhead will overwhelm a small IT staff. and the whole area of green practices and environmental health. Preparing for SaaS Still, no realistic scenario depicts The idea behind software as a service is to offload the an organization outsourcing all of infrastructure and administrative costs of software its software needs. More likely, hosting and license management. But that doesn’t it will have a mixed environment absolve the IT department from certain tasks to make consisting of both licensed and served sure the organization has success with SaaS. software, and it will have to decide Timing is important when a SaaS solution is to replace for each application whether or not an application that an enterprise owns and operates. A the SaaS model is appropriate. hardware refresh cycle, for example, might be a logical time How does an enterprise decide to switch. Or an impending new version of the application whether to acquire licenses and host an could require an investment the organization would rather application on premise versus subscribing avoid, leading to a decision to implement SaaS. to it as a service? Determining the answer Organizational buy-in will help ensure a smooth requires going through a decision tree for transition to SaaS. Moving to subscription software each application. Ultimately, the decision doesn’t mean the elimination of IT support. But the IT should rest on a total cost of ownership group’s role will change, at least for some of the staff. (TCO) calculation. What follows are Also, some department managers might be uncomfortable some key inputs to that equation. with the idea of their critical data being stored and managed by How much customization will the a remote vendor. That’s why SaaS planning should involve all application require for the organization’s of the organization’s stakeholders. Not only will this guarantee needs? SaaS options tend to provide buy-in, but it will also ensure that the organization has the limited flexibility, so an organization information necessary to craft the best possible SLA. may choose to keep mission-critical, SaaS provides a good opportunity to review underlying IT enterprise applications in house while infrastructure. In particular, the IT department should make sure outsourcing e-mail, which typically that inbound and outbound network bandwidth is sufficient. requires little customization. On the This review is also a good time to check security and other hand, a TCO calculation might backup procedures. If an application will deal with intellectual indicate it’s worth changing operational property or sensitive information, make sure application access practices to match the capabilities controls and data protection measures are up to snuff.  of a best-in-class SaaS app.

32 This glossary serves as a quick reference to some of the essential terms touched on in this guide. Please note that acronyms are commonly used in the IT field and that variations exist.

Glossary

Bring your own device (BYOD) Clustered servers E-discovery BYOD refers to an organizational This term refers to a group of servers E-discovery is a process by which policy of not specifying the endpoint linked so that they perform as a single civil or criminal litigants seek to devices used by employees, but instead logical entity. Clustering is a technique obtain evidentiary information stored letting them use a device of their choice for building high-capacity computing electronically in opponents’ systems. to access enterprise applications. resources using low-cost servers. For compliance-related data and other Increasingly, usable devices include information that might have potential tablets and smartphones. Some policies Concurrent-user license legal implications, companies (especially require staff to pay for their own devices. This is a software licensing publicly traded ones) and government arrangement based on the number agencies maintain metadata to aid in Business Software Alliance (BSA) of users who will be using an e-discovery processes. Sometimes The BSA is a nonprofit organization application simultaneously. It allows e-discovery is conducted online, device- of major software publishers that for an unlimited number of users in an to-device, without the need to transfer promulgates license agreement organization, but limits the number large volumes of data to optical media. compliance. The BSA stresses intellectual who can work at any one time. property protection and prevention End-user license agreement (EULA) of software piracy, and it publishes Data loss prevention (DLP) EULA is the basic legal contract giving guidelines for software buyers to help DLP is a set of practices and software a customer the right to use a software them maintain compliance. Members tools intended to prevent theft, application, utility or operating system. include Adobe, Apple, Intuit and McAfee. unauthorized transfer, loss, accidental The word “license” distinguishes erasure or misuse of information. software, in that a purchaser acquires Cloud computing the limited right to use the software Cloud computing enables convenient, Deduplication but does not own the source code. on-demand network access to a Dedup is the practice of minimizing shared pool of configurable computing required storage space and network High availability resources (networks, servers, storage, bandwidth use by eliminating redundant This term refers to the viability applications and services) that can copies of data. Deduplication can of an information system that gives be rapidly provisioned and released occur at either the block or file level. users confidence that it will operate with minimal management effort when needed. The level of availability or service provider interaction. depends on the application and the

33 level of service the organization installation of special client software. Unified communications (UC) requires for users or customers. UC merges various forms of an Session Initiation Protocol (SIP) organization’s communications Infrastructure as a service (IaaS) SIP refers to standards established into a single interface over a single Provisioning servers, storage, under the Internet Engineering Task Force physical network, most often the IP routers and other data center for how voice and video messages are data network. Voice, video, instant resources as a turnkey product, IaaS is created and transmitted over the Internet. messaging and application data share a component of cloud computing used SIP helps ensure interoperability of Voice a common network. The goal of unified by organizations as a way of avoiding over IP systems and endpoint devices. communications is to lower costs, reduce the capital costs of data centers. administration and facilitate collaboration Site license among staff, users and partners. Infrastructure optimization This is a software license permitting This term refers to a set of techniques more than one user of an application at Virtualization and activities for obtaining maximum a specified location. The actual number This term refers to the abstraction performance at minimum cost from may be specified or unlimited. Site of application and operating system an organization’s data centers, licenses typically let the buyer copy the software into a single logical unit. The networks and endpoint devices. software as many times as needed. resulting virtual machine acts as a Optimization includes, but is not limited computer, but is separate from the to, consolidating IP and telephony Software as a service (SaaS) supporting hardware. This means virtual networks onto an all-IP network, data SaaS is a contractual arrangement machines can easily shift from physical deduplication and storage virtualization, under which an organization subscribes machine to physical machine over a and server and end-user virtualization. to the use of software housed and network for load balancing, security or maintained by the vendor. In a typical continuity of operations. Physical servers ISO 19770 arrangement, the organization pays a are capable of hosting 20 or more virtual This is the series of International monthly fee per user, and users access machines, resulting in greater hardware Organization for Standardization the application via a web browser. utilization and the need for fewer servers. standards that define software asset management. Software asset management (SAM) Volume license agreement SAM refers to practices for ensuring This is a method of contracting for IT Infrastructure Library (ITIL) that an organization purchases only the software when, typically, an organization ITIL is a set of best practices software licenses specifically required, will need five or more end-user licenses. for managing IT services. and that all licenses in use are paid for Software vendors offer discounts according to the vendor agreement. from single-copy pricing, depending Per-seat license License management also includes on the number of licenses needed. This is a software license specifying retrieving unused licenses from departing how many named individuals that can staff and decommissioned servers or PCs. access the software. Each individual must be specifically named. Access Software audit control is usually maintained through the A software audit is a formal directory where the program is housed. investigation by a software vendor or its designated agent regarding an Secure Socket Layer virtual organization’s compliance with its private network (SSL VPN) software licensing agreement. SSL VPN uses encryption to create a secure communication channel Software license between an endpoint outside of the A software license is a contractual organization’s physical network and the right to use software. Most licenses software resources inside. SSL VPNs have unlimited duration but place let users access files and applications limits on the number of users as through a browser so they don’t require well as the number of machines on which software can be installed.

34 Disclaimer The terms and conditions of product sales are limited to those contained on CDW•G’s website at CDWG.com. Notice of objection to and rejec- Index tion of any additional or different terms in any form delivered by customer is hereby given. For all products, services and offers, CDW•G® 19770 (software asset Microsoft licensing...... 5, 10, 22 reserves the right to make adjustments due to management standard)...... 8 changing market conditions, product/service Overprovisioning...... 4 discontinuation, manufacturer price changes, Acquisition...... 9-10 errors in advertisements and other extenuat- Per-seat license...... 4-5 ® ® ing circumstances. CDW , CDW•G and The Archiving (software solution)...... 28 ® Right Technology. Right Away. are registered Rightsizing licenses...... 7 trademarks of CDW LLC. People Who Get It™ Audit...... 8, 21 is a trademark of CDW LLC. All other trademarks Risk assessment (software solution)...... 26 and registered trademarks are the sole property of their respective owners. CDW and the Circle Backup strategies (software solution)...28 of Service logo are registered trademarks of Secure remote access CDW LLC. Intel Trademark Acknowledgement: Client virtualization (software solution)...... 26 Celeron, Celeron Inside, Centrino, Centrino (software solution)...... 23-24 Inside, Core Inside, Intel, Intel Logo, Intel Atom, Security (software solution)...... 25-26 Intel Atom Inside, Intel Core, Intel Inside, Intel Cloud computing...... 21, 25, 30, 31 Inside Logo, Intel Viiv, Intel vPro, Itanium, Itanium Server virtualization Inside, Pentium, Pentium Inside, Viiv Inside, vPro Collaboration (software solution)...... 27, 29 (software solution)...... 23 Inside, Xeon and Xeon Inside are trademarks of Intel Corporation in the U.S. and other countries. Compliance...... 4-5, 7-8, 10, 11, 20-22, 26 Software as a service (SaaS)...... 29-32 Intel’s processor ratings are not a measure of system performance. For more information please see www.intel.com/go/rating. AMD Concurrent-user license...... 5 Software asset management Trademark Acknowledgement: AMD, the AMD (SAM)...... 4, 6-8, 9-11, 31-32 Arrow, AMD Opteron, AMD Phenom, AMD Conferencing (software solution)...... 27 Athlon, AMD Turion, AMD Sempron, AMD Geode, Software asset management Cool ‘n’ Quiet and PowerNow! and combinations Contact center management applications...... 10 thereof are trademarks of Advanced Micro (software solution)...... 27-28 Devices, Inc. HP Smart Buy savings reflected Software asset management cycle...... 9-11 in advertised price. Savings may vary based on Continuity of operations (software channel and/or direct standard pricing. Available solution)...... 28 Software license (basics)...... 7 as open market purchases only. Call your CDW•G account manager for details. This document may not be reproduced or distributed for any reason. Data Loss Prevention (DLP) Software lifecycle management...... 5 Federal law provides for severe and criminal (software solution)...... 25 penalties for the unauthorized reproduction and Storage management distribution of copyrighted materials. Criminal Discovery...... 4, 10-11, 20-21, 28 (software solution)...... 24 copyright infringement is investigated by the Federal Bureau of Investigation (FBI) and may Endpoint protection Storage virtualization constitute a felony with a maximum penalty of (software solution)...... 26 (software solution)...... 24 up to five (5) years in prison and/or a $250,000 fine. Title 17 U.S.C. Sections 501 and 506. This reference guide is designed to provide readers End-user license agreement (EULA)...... 5 Telephony (software solution)...... 26-27 with information regarding software lifecycle management. CDW•G makes no warranty as to Hybrid software environment...... 32 Threat prevention the accuracy or completeness of the informa- (software solution)...... 25-26 tion contained in this reference guide nor Infrastructure management specific application by readers in making deci- (software solution)...... 24 Underprovisioning...... 4 sions regarding software lifecycle management. Furthermore, CDW•G assumes no liability for Infrastructure optimization Unified communications compensatory, consequential or other damages (software solution)...... 23-24 (software solution)...... 26-28 arising out of or related to the use of this publi- cation. The content contained in this publication represents the views of the authors and not IT Infrastructure Library (ITIL)...... 8, 10, 22 Virtualization...... 5, 23-24, 29 necessarily those of the publisher. License management...... 10, 20-22 Volume license agreement...... 5 © 2012 CDW Government LLC All rights reserved. Messaging technologies (software solution)...... 27

35 may 2012 about the contributors

Andrew Hitchcock is Practice Architect for the Unified Communications (UC) solution team at CDW. A UC veteran, Andrew has been working with Microsoft UC since Exchange version 4.0. He guides CDW’s participation in the Technology Adoption Program (TAP) and closely interacts with the Microsoft product teams for Exchange and Lync. Andrew directs the technology roadmap and strategy for the CDW UC practice, provides indirect pre-sales support for the Microsoft UC technical specialists and offers direct support for customer-driven strategic opportunities.

Pat Simpson has been with CDW since 2005, working on the Server & Security delivery team and progressing up to a technical lead position. The past two years, Pat has been Practice Architect for the Server & Security team, where he currently provides guidance for pre-sales and sales in the various server and security technology areas.

Look inside for more information on: • Navigating software license compliance • Determining the most efficient licensing scenario • Choosing the right software solution • Managing a SaaS-licensed software hybrid environment

SCAN IT CDW•G Gets Software Licensing and Management Download a QR code reader on your mobile device to scan and view.

800.808.4239 | CDWG.com/softwareguide 120508 108720