The complex world of Software Inventory

In my previous blog, I promoted the concept of ISO 19770-2 tags.  But, I did not get deep into the reasons why I think they are so important.  Let me fill in some of the blanks.

In my many conversations with IT professionals, I noticed that outside of Software Asset Managers, few people understand why Software Asset Management (SAM) is so difficult.  And I am not surprised.  And the reason is rather obvious – we know what software is on our own machines.  By extension, we think that IT should also be able to find out what is installed on all IT managed machines.

Here is why this is not so.

  1. There are no universal standards to enable a reliable and complete discovery of software.  Not all applications report themselves to the OS – even on Windows. The file header information, the registry, WMI and Add/Remove Programs information in Windows is not consistent and reliable, although still miles ahead of Linux and UNIX.  I do have to give some kudos to Microsoft for having the most effective standards.
  2. There is no universally standard way to install applications.  There are many installers, and there no universal way to extract information from the installer – again, the situation is the better on Windows than other OSs.
  3. There is no single approach that can discover all software.  Some applications can be identified using file-based recognition, others require scripts, etc.

I have seen various attempts at solving this challenge.  Just talk to different asset management vendors.  You will hear about thousands of recognition entries (or signatures, footprints, etc).  You will hear about pulling data from OS sources and custom modules for identification of individual applications, but I bet that not one company can say they can discover all applications (unless they mean to provide a list of all files on each file system, but that is not exactly what we are interested in, is it?).

And here is another thing – none of us want to spend any time or money in the trenches.  We want Software Asset Management; we want it now and at a minimal cost. But, how do you manage your assets without proper discovery?  It’s like trying to drive a car with no wheels.  It may feel great to sit in it, but it won’t get you far.  Software discovery or inventory is the foundation – without it, you cannot do SAM.  But if we don’t want to invest in it, means we must find a common way of collecting the information.  This has to be something that is OS independent, it has to be something that is vendor independent.  It also has to be something that is quick and easy to do, because everyone, customer and vendor, is watching their expenses these days.

And that, my friends is why I am so passionate about promoting the ISO 19770-2 standard.  It is vendor and OS independent.  It is quick and easy to adopt (relative terms of courseJ).  There is even an organization that can help create and sign these tags – TagVault.org. It is a standard that can be universally adopted.  And it is time we had an adopted standard.  Trust me, I would much rather think about how to create an innovative user experience, or look for ways to adopt some new wiz-bang technology, than spend my days creating file-based software recognition entries.

I recall a conversation I had with one of my customers about SAM.  This particular gentleman is a manager of a large IT shop that has in-sourced its asset management.  His customers don’t understand how difficult it is to collect software inventory information.  He knows there is no magic bullet to solve the problem.  But, until this standard, he did not see much hope.  He thought that the only way to get software vendors to provide a way to track their software was through courts.  I am not sure if you have noticed, but many software vendors are now investing resources in license compliance audits.  Reason is simple – they are not selling as much as they used to before the recession (everyone is tightening their budgets and software expenditures are finally being scrutinized).  So, how do you make up a revenue shortfall?  One word – Audits.

His wish may yet come true – I think that if ISO 19770-2 gets adopted, it will force all vendors to compliance – the legal system that is fully behind the license agreements today may suddenly wake up to the fact that in some cases software identification is incredibly difficult, almost as if the vendors were purposely making it difficult.  I am not saying that is so by any means, but our legal system may decide that it is unfair that a particular vendor is not adopting a common standard and therefore putting undue pressure on the customer to track their software installations.  And I have yet to meet a customer who is not bewildered by the challenges that software discovery/inventory presents in their daily lives.  Like a real life Sisyphean task (even though they cannot tell you what they are being punished forJ).

But anyway, let me get off my soap box – I am getting long winded (and I know those who know me aren’t surprised).

But, ISO 19770-2 is only a part of the Software Asset Management challenge – it’s a start.  But then, we will need to get behind ISO 19770-3.  But that is another topic, for another time.   Hope you enjoyed this post – I promise/threat to write more.

Comments
Martin_Macke | ‎07-18-2010 01:06 PM

Hi Daniel,

I couldn't more agree with your blog above. Software discovery currently is very difficult and the license contracts are as complex as possible. However I think that HP is not better than every pther company here. So maybe you make a start, tag all of the HP software, on windows HPUX and wherever it is possible. Also the license contracts at HP are not better than anywhere else so please start here and make them so simple that the might be put into a ISO 19770-3 tag.

 

Martin

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Search
Showing results for 
Search instead for 
Do you mean 
About the Author
Featured


Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.