Is Flexera’s Initiative with Microsoft a Silver Bullet for Software Audits?
Microsoft and Flexera recently announced a joint initiative that the two companies have touted as a way to transform “the software supply chain” through the use of a standard set of software asset management (SAM) solutions. By deploying Flexera’s FlexNetManager Suite with Microsoft’s Intelligent Asset Manager, the goal is to create an “agreed upon ELP baseline,” which presumably would be confirmed in a license agreement as the basis for present and ongoing license orders. In a recent presentation at Microsoft Inspire 2017 in Washington D.C., Flexera CEO Jim Ryan described the new program as being analogous to electricity service. Electric providers do not conduct audits to determine how much power their customers are using – they merely attach a meter to the supply line and bill according to the meter. (More information regarding the announcement is available here.)
This announcement is just the latest in a trend of developments within the industry obligating software customers through contracts to utilize specified SAM tools in order to ensure compliance with licensing rules. (More on that topic is available here.) Here, while Microsoft (for the time being) will be offering its customers a choice, those that opt in likely will be contractually obligated to deploy and maintain the Flexera-Microsoft tool within their environments.
Microsoft’s customers would be well-advised to cast a wary eye upon the touted benefits of the announced program. Here are just a few reasons why:
- Near-Term Exposure – The first practical step in implementing this new licensing paradigm necessarily would be the deployment of the Flexera-Microsoft tool within the licensee’s IT environment, all the while almost certainly with Flexera and/or Microsoft looking over the licensee’s shoulder (if not steering the ship). Once that implementation is complete, the initial baseline reports will be generated, and Flexera / Microsoft (Flexerasoft?) instantly will see whether and to what degree the solution indicates that the company currently is out of compliance. Since the (now-audited) company already likely will have agreed that reporting from the solution constitutes proof of usage, the company could be required to remedy any shortfalls with an immediate license purchase. Microsoft is notorious for not allowing customers to remedy inadvertent excess usage through uninstalling software or reconfiguring infrastructure. License purchases almost always are the only remedy for reported over-consumption, and there is no reason to believe that there would be a different outcome in this case.
- Long-Term Exposure – What exactly will this tool be measuring? As I previously wrote, one of the principal concerns associated with Microsoft’s recent promotion of Unified Logic’s Movere tool is the fact that Movere purports to measure the high-water mark of a company’s software utilization over a reporting period. Since “usage” of many server products can spike unexpectedly or inadvertently due to asset reconfigurations or other factors that are not associated with actual, additional usage of the software, that kind of a reporting model can result in a company paying substantial, additional license fees that are not tied to any value derived through additional use of the software. Furthermore, it appears that the Flexera-Microsoft solution will be updated automatically with new libraries for software recognition and license-consumption calculations. Given the fact that Microsoft retains the right to unilaterally update its licensing rules, this effectively could give Microsoft to unilaterally modify the licensing rules applicable to a company’s usage of a Microsoft product whenever any new version of that product is installed anywhere in the environment. As companies that use SQL Server and Windows Server can attest, it typically is not the case that Microsoft’s introduction of new license metrics results in savings for Microsoft’s customers.
- SAM Tools Can and Do Fail – All tools. It is basically impossible to create a single tool capable of measuring software utilization perfectly in all IT environments. There are simply too many variables. To the extent that any tool vendor purports to be able to result in utilization reporting each and every time, that vendor’s tool likely incorporates consumption calculations that resolve all doubts and data-collection gaps based upon a programmed set of assumptions. Since Microsoft, in effect, is doing the programming, there can be little doubt about in whose favor those doubts would be resolved. Furthermore, all of that assumes that there are no irreconcilable obstacles associated with a company’s security protocols or other infrastructure characteristics that prevent the tool from functioning without substantial changes or risk to that company’s operations. If that company has contractually committed itself to deploying the Flexera-Microsoft solution, but discovers that it cannot do so without compromising its IT policies or procedures, what then? The answers to these sorts of implementation-related concerns presumably would (or should) be spelled out in the applicable license agreements, but it remains to be seen whether or to what extent Microsoft would accept modifications to those terms.
If there is a universal truth when it comes to software asset management, it is this: SAM is a process. It is not a tool. The more companies focus on tools, regardless of whether those tools are mandatory or elective, the less nimble and adaptable those companies will end up being when new licensing challenges arise. Of course, all licensees need to have a way to efficiently confirm what products are deployed in their environments and how much of those products they are using. However, the right way to arrive at that answer is going to be different for each company. To assume – in a contract – that a single tool is the right and only way to arrive at that answer is ill-advised on many levels.