Wednesday, December 27, 2006

Licensing: Year-end Software License Compliance

Having recently gone though a software licensing inventory update , I thought that since it's year-end for a lot of people, I'd let you know what we do internally - as well as link-up some tools and suggestions. That said, I'm very interested to hear how readers approach and manage licensing issues so feel free to comment.

First of all, and I think everyone knows this... there are lots of tools to help you manage software licensing. So perhaps the first thing to consider is the size of your environment. If you have a small to midsized network - say even up to a few thousand machines - than there are many low/no-cost options available to you. If you're in a large environment... tens-of-thousands or more users, than you probably should be going with an enterprise-class solution. While we do work for some large clients - and manage some powerful tools for them like BigFix - internally, we're still in the small-to-midsized category. So that's where I'll focus.

For us, everything starts with my my AD-COIT hardware/software inventory script that I created to help me automate some of this effort. Consider grabbing a copy and trying it out yourself. I run it, and it just outputs a report - one that I've customized a bit for myself. But perhaps you want something with the Microsoft stamp of approval... then check out the Microsoft Software Inventory Analyzer (MSIA)... it's purpose-built for software inventory work. The reports are great, and the only real downside is if you support an application stack that has a lot of non-Microsoft applications, in that case you might not see everything you need with MSIA.

Next, I look at the last few lines of of the AD-COIT output to see if any computers failed to respond, or perhaps were out of the office. Since the script runs in real-time, it won't catch systems that are persistently out-of-the-office and for this group, there are a few options... what I do is create a global-group of "out-of-office" users, and scope a GPO to run a login-script that updates .txt files on a hidden share whenever users in this group are in the office. In practical terms this means looking a handful of text files and and doing a bit of manual consolidation to update my license counts.

Finally, I dump everything into a spreadsheet and compare it with our licensing information to produce a report of "Licenses in use", verses "Licenses Owned", which I then use to drive decision making and software budgeting. These inventory checks are done on a scheduled, quarterly basis, and it keeps us up-to-date in terms of compliance.

There are other good tools available as well... Spiceworks 1.0 for instance does a ton of useful stuff, has good reports, and is essentially free. I've tested it a bit, but haven't added it into the mix for licensing checks. Long-term for us, I think BigFix is actually going to make a lot of sense for us to deploy internally. Besides license discovery, it is very powerful agent-based patch-deployment and reporting tool that works in near-real-time.

How do you manage software licensing compliance?

No comments: