Challenges and risks related to the management of licensed software based on users
Part one - Software Asset Management
User-based software licensing model seems to be one of the most popular one amidst numerous existing license metrics. As part of the deal, software producers offer many license metrics, which on the one hand provide great flexibility in terms of adjusting the licensing manner to the client’s needs but on the other make the licensing management process much more complicated. The multitude of offered measures gives rise to other problems connected both with the lack of uniform standards as well as precise, universal and generally accepted definitions of measures. As a result, license metrics offered by two different producers but bearing the very same name may in fact operate under completely different rules. Moreover, under some scenarios, end users have to monitor the license utilization level on their own, manually or with the use of proprietary solutions, which is key to ensure license compliance.
In brief I will try to discuss the most popular user-based license metrics and most typical licence-related problems. Due to lack of consistency between the licensing terms and conditions offered by different software producers, it is not possible to develop a universal classification of user-based license metrics. Thus, for the purpose of this article, I suggest a proprietary classification divided into two groups. The first part of the article will be focused on metrics classified on the basis of user calculation manner, while the second one will be dedicated to metrics classified on the basis of imposed limitations or license purpose. The classification and its characteristics presented here are just an overview of the problem - license issues regarding individual software providers will be discussed in detail in the upcoming articles.
1) Classification based on user calculation manner:
a) license metrics based on a named user,
b) license metrics based on a concurrent user.
2) Classification based on imposed limitations or license purpose:
a) license metrics limited geographically,
b) license metrics limiting the program functionality,
c) license metrics taking into account relations between the user and the company,
d) license metrics taking into account the frequency of program use.
The classification based on user calculation manner: license metrics based on a named user:
Named User / Authorized User. In the case of these license metrics, a license enabling the use of a given program or access to the program is permanently assigned to a unique user (a natural person). However, it is essential to make a distinction whether a license is required to use the program or to have access to software or its individual functions. It is also worth mentioning that detailed licensing provisions may impose additional limitations. SAP BusinessObjects BI Platform may serve as an example as following 4.1 Support Pack 10 or BI 4.2 Support Pack 4 versions every named user can open up to ten sessions.
License challenges and risks:
- Providing too many users with access: in the event when a given license is required for every user with access to the software (regardless of whether they do use the software or not), the existing environment configuration at the level of authentication mechanisms may result in exceeding licence limits. The application of SSO (single sign-on) mechanisms for web applications (e.g. IBM Cognos) may serve as a good example: if no additional access restrictions are used (e.g. additional authentication at the program level or network limitations) it may happen that all the persons with active accounts in the catalogue service will need a license for a given program even though just a small group of users is actually using the software.
- Generic accounts: it is common practice, especially among users being system administrators, that several people share one account. Although such practice is convenient for a user, it poses a licensing risk as it may happen that an organization is in fact using more licenses than the number of accounts, through which users have access to the program, would suggest.
User change: in most cases a license assigned to a specific user can’t be used by other users, but should any organizational changes take place or an employee leave the company, the assigned licences may be transferred to another user once requirements specified by the producer are met. One of more typical licensing approaches entails the necessity to wait a specified amount of time following the last use (e.g. 90 days for Citrix) before the license can get reassigned to a different user. Similar period must elapse before an already used license can be deemed inactive and excluded from the pool of all the licenses used by the company (for Micro Focus the required period is 120 days). Failure to adhere to those rules involves a risk that an organization will require a greater number of licenses than the number of users, who have access to the software, would suggest.
The classification based on users calculation manner: license metrics based on a concurrent user:
Concurrent User/Floating User - is a licensing metrics defining the total number of users who can simultaneously use a given software. Many software producers use the names Concurrent User and Floating User interchangeably but it is not a rule, e.g. there are two separate metrics for IBM software - in the case of the Floating User license if a user has simultaneous access to several program installations (directly or indirectly) each of them requires a separate license, while for Concurrent User various sessions of the same user at the same time (on different devices) do not require separate licenses. Importantly enough, under this licensing model many producers offer an automated license management system, for instance a dedicated licensing server responsible for license distribution among users - in this case every logged-in user receives a licence from the available pool of installed licenses and once the license is no longer in use it is returned and can be used by another user. It can be available for use immediately or after specified time (e.g. after 24 hours) indicated by the software provider in the license terms and conditions. Nevertheless, an integrated monitoring system is not a common feature and its lack may pose material licensing risk for the organization.
License challenges and risks:
Licenses not managed by a licensing server:
- Lack of an integrated mechanism to monitor the license use: for some of the products offered by software providers (e.g. IBM), producers do not deliver any out-of-the box solutions that would allow to monitor the license use; moreover, sometimes there is no mechanism that would inform about approaching or exceeding the license limit. Such a situation poses a considerable risk from the license perspective, especially as Concurrent/Floating User licenses are usually several times more expensive than their Named/Authorized User counterparts. Such risk can be mitigated through the introduction of one’s own methods to monitor the current license use (e.g. with the application of an external software to manage and monitor licenses).
Licenses managed by a licensing server:
Impassable license limit: once the limit of available licences is reached, server may not allow other users to access software - they will not be able to use the program until occupied licenses get released (e.g. Micro Focus Asset Manager). This type of solution is safe from the risk of exceeding license entitlements, yet may pose a business risk - e.g. when the necessary number of licences to applications of key importance for the company’s operational continuity has been underestimated.
NOTE: Software producers adopt various approaches to the issue of exceeding the number of available licenses. In some cases (e.g. Citrix) users can exceed the number of available licenses by 10% and under the licensing terms and conditions, the end user is obliged to purchase the missing ones within 30 days from exceeding the limit.
- Irregularities in server’s functionality: the problem of so-called “zombie licenses” (e.g. Micro Focus) related to the lack of a possibility to return a license to the license server in the event when user’s device froze. The above circumstances may lead to a situation when organization is left with fewer licences than it has actually purchased.
This article provides a summary of one of the most significant license limitations and threats with respect to Authorized / Named and Concurrent / Floating User type license metrics. Even though the presented matters address the most popular challenges in this area, certainly there is more material for in-dept considerations with a view to other challenges resulting directly from detailed provisions of licence agreements offered by individual software producers.
The second part of the article will focus on challenges and risks with respect to managing software licensed on the basis of users in the context of license metrics classified with a view to imposed limitations or license purpose; next, we will sum up key findings from both parts of the article.
Software Asset Management is an essential element of the IT area in every company, not only from the perspective of cost optimization but also with a view to improvement of systems and applications security. SAM combines technology, competencies, processes and reliable data.