IT professionals must remember that a tool does not understand the rules
Many software license management tools claim to be certified by Oracle, Microsoft, IBM and others, but none actually are. For example, Oracle’s LMS page does list a number of tools, but only as supplements, not as certified tools, and they often miss 90% of Oracle products.
“Tools from the following vendors have been verified to provide the required data set to supplement a LMS engagement. The scope of the verification process only covers the data collection related to the installation and usage of specific Oracle products, namely Oracle Database and the associated Options. The verification does not include any other Oracle products or the overall capabilities of the vendor’s solution… Please note that the installation and usage of a tool from a verified vendor does not replace an Oracle License Audit or True Up engagement or revoke Oracle’s contractual right to perform a License Audit or True Up.”
IBM has similar language in their rules. “ILMT is a mandatory IBM requirement for all IBM customers who take advantage of sub-capacity licensing, regardless of whether they utilize third party reporting tools.”
Microsoft’s Software Asset Management (“SAM”) program is an audit, albeit a “friendlier” one. In such an engagement, Microsoft will tend to accept the output of virtual any tool. However, if this information is inadequate or incomplete or otherwise not acceptable to Microsoft, the customer could be compelled to use a Microsoft product. These might come in the form of the for-fee subscriptions or products of Enterprise Mobility Suite, Intune, or System Center. Or, in their absence, the Microsoft Assessment & Planning (“MAP”) Toolkit which a free of charge.
But in the case of a formal audit involving a partner (e.g., KPMG, Deloitte, etc.), Microsoft will equip the auditor with a discovery tool. These scripts are typically executed by a member of the audit term (versus by the customer). Sometimes the audit partner has a tool that Microsoft has certified for use in lieu of the Microsoft tool. In this type of engagement, the output of these tools is the only acceptable one.
IT professionals must remember that a tool does not understand the rules. They can lead to false positives, identifying assets as licensed, even when they are not. Most importantly, software asset management tools don’t understand the context of the software as it’s being used in the business, or if the product is being over used or underutilized.
Don’t let these SAM tools give you a false sense of assurance. No tool is a substitute for expert research, evaluation and validation. If you’d like to speak with a Miro Expert about your use of SAM tools, and how Miro can help evaluate your risk of an audit, contact us today.