Managementul activelor software
-
Upload
rafaeloros -
Category
Documents
-
view
20 -
download
0
description
Transcript of Managementul activelor software
-
Agenda
What is SAM?
Benefits of SAM
New types of SAM engagements
Q&A
Software Asset Management
Mihaela MIHAIEPG SAM Manager
SAM
-
What Is Software Asset Management (SAM)?
SAM is a global industry standard
ISO/IEC 19770-1
Endorsed by Microsoft and many others
ITIL best practice guide on SAM
All of the infrastructure and processes necessary for the effective management, control, and protection of the software assets within an organization, throughout all stages of their lifecycle.
SAM is an integral part of the control framework for any well-run organization
Following SAM best practices results in better information for decision making and a higher degree of operational excellence; ultimately driving long-term business value.
-
SAM Can Help Companies
Control Optimize Grow
Regain control of
systems
Reduce technology conflicts and increase stability
Manage legal liability
Help protect and secure IT infrastructure
Improve back-up and recovery plans
Save money
Consolidate license purchase points
Improve negotiating position
Improve system, user, and help desk performance
Optimize efficiencies
Increase standardization
Better market
position
Better budget predictability
IT best practices that drive business value
Insight into company assets
-
SAM Program Value Adds
-
Engagement
ApproachFocus on enabling long term capability and best practice adoption
Promote and deliver resources, tools, knowledge, and training
Work through partners to deliver better business intelligence and analytics
-
SAM Baseline Review
Inventory deployed software Match installations with licenses
...build a detailed report on your current state
Microsoft
-
SAM Baseline Review
Collect information and review
policies and proceduresIdentify improvement opportunities
-
How well are software
assets managed today?
Where do
improvement
opportunities
exist?
What adjustments
need to be made.
The Path Forward
-
Cloud-ready Engagement
Todays technology trends are sparking opportunity
70% of CIOs will embrace a cloud-first strategy in 2016.
Moving data and business processes to the cloud offers several advantages over a traditional enterprise IT environment. Transform your datacenter while reducing cost, complexity, and non-compliance risks.
A cloud strategy should address cost reduction, increased agility, and improved scalability
A Cloud-ready SAM engagement is a crucial
first readiness step.Understanding the current environment and future roadmap is critical to
determining the right path. You first need to know what software you already
have rights to, starting with a comprehensive application inventory.
Based upon this, you can:
Develop your adoption strategy
Identify required characteristics of remaining applications
Prioritize and identify candidates for the cloud
Adopting SAM principles eases the application inventory process, identifying license and usage patterns.
-
SAM supports cloud readiness
Process discipline helps reduce corporate riskEase of purchasing and deploying cloud services can lead organizations to unanticipated results:
SAM best practices can facilitate cloud adoption by providing the systems, processes, and management structure so organizations can make the right strategic decisions to achieve their long-term cloud goals.
Over-provisioning can occur when users receive services they dont want or need.
Under-licensing can occur when services are added or consumed but not accounted for in a centralized way.
A mix of on-premises and cloud solutions can cause confusion; not all on-premises solutions have cloud options available.
-
Best practices for cloud readiness
Fully define your goals. Organize around long-term organizational
objectives.
Build internal alignment. Management, IT, Procurement, and other stakeholders all play a part in creating an environment for success.
Avoid surprises. Increase awareness of all impacts of cloud adoption, including changes to licensing and budgeting.
Take control. Ensure needed processes are in place internally.
-
SAM for SQL Workloads Engagement
The datacenter is the hub of everything you offer your business.
With software asset management, or SAM, you can gain the insights into your SQL environment you need to:
Align SQL Workloads to better meet future needs.
Transform your datacenter while reducing cost, complexity, and non-compliance risks.
Modern SQL environments can be very complex.
A SQL Workloads engagement can help an organization:
Identify underutilized SQL Servers.
Optimize workloads to avoid unnecessary costs.
Gain clarity about their IT environment.
Align IT, procurement, management, and other activities around organizational goals.
Create the necessary processes for improved governance.
Reduce risks associated with non-compliance.
Develop a solid foundation for future evolution of the IT environment, based upon a clear understanding of the existing infrastructure.
-
Use SAM to
help optimize SQL Workloads
Adopt best practices to optimize SQL workloads:
Limit the number of CPUs and cores for increased cost
savings.
Consolidate workload instances and databases
onto fewer servers to reduce licensing costs.
Isolate production vs. development environments.
Consider moving to dedicated Host Clusters
licensed via Enterprise for unlimited virtualization.
Strengthen policies, increase standardization
and gain insight into company assets while
improving internal licensing communication.
Establish a solid foundation for achieving future
organizational objectives based upon a clear
understanding of your SQL environment.
-
Virtualization SAM Engagement
A Virtualization SAM Engagement provides customers with a strategic virtualization
strategy by assessing existing virtual environments and identifying opportunities to
optimize virtualization.
Customers are looking to invest in server, desktop, or application virtualization to: Reduce costs
Improve business continuity
Increase business agility
The simplicity of adding and accessing virtual servers and desktops can lead
organizations to unanticipated results: Over-provisioning can lead to under-utilized virtual machines and significant license responsibility.
User device connectivity to virtual machines and applications can create additional license complexities.
Licensing of virtual environments can be more complex than physical environments.
Benefits of a Virtualization SAM Engagement Increase the business value virtualization can provide based on an
analysis of your current virtual environment.
Helps you to strategically plan for virtualization implementation.
Provide increased security through further server consolidation.
Maintain control of existing virtualization environments.
Implement policies around virtualization management.
-
Virtualization SAM Engagement
ROI Analysis: Consider how virtualization can impact your bottom line.
Hardware
ExpenseSpeed of
Provisioning
IT
Resourcing
Energy
Consumption
Software
InstallationsBusiness
Agility
Facilities
Use
Disaster
Recovery
-
Recommended
policies and
procedures for virtualization
Configuration planning
should be completed prior to
deploying virtual servers to
support controlled
provisioning.
Company policy should
address the use of bring your
own devices (BYOD) and
remote access.
Corporate log in credentials
should be employed to
access the virtual desktop or
applications.
A SAM manager or auditor
should be assigned to
oversee the configuration
planning process.
The IT department should
maintain an inventory of all
VMs regardless of if they are
active or archived.
Establish a solid foundation
for achieving future
organizational objectives
based upon a clear
understanding of your Virtual
environments.
-
Non-production Environments SAM Engagement
Modern non-production environments: characterized by change.
It can be difficult for an organization to:
Understand how non-production systems are deployed, developed and tested upon, decommissioned, and rebuilt
Get a clear picture of the organizations software footprint
Understand the licensing subscriptions available
Understand who needs to be licensed
Benefits of a Non-production Environments
SAM Engagement: Gain a better understanding of how developer tool licensing works
Receive value from your licensing investments
Reduce costs through operational efficiencies
Incorporate standardization across management of company assets
Improve internal licensing communication
Establish a solid foundation for achieving future organizational objectives
-
Non-production environments SAM engagement
Report on
key findings
and
guidance
We will review with you:Non-production vs. production: Discuss differentiators between non-production and production environments and updates to product use rights (PUR).
Common licensing mistakes: Review common over-licensing and under-licensing mistakes.
Licensing options: Walk through challenges of managing licensing and licensing options available.
Best Practices: Review best practices for navigating the non-production environments, managing software licensing subscriptions and consolidation of non-
production environments.
Policies and Guidelines: Based on our findings we will have a good understanding of how we can help your organization create policies for managing
your non-production environments going forward.
-
Under-licensing mistakes that are commonly made
Buy Cheap, Use Expensive
Buy Few, Use Many
Expired MSDN
Unlicensed Outsourcing
MPN Benefit Misuse
Incorrectly LicensedNon-production
Customer uses more products than they purchased and fails to order/True Up
Customer without active MSDN subscription uses latest version of product
Customer uses outsourced development workforce internally and neither party pays to license those users
MPN partner uses MPN licensing to provide software development services and/or exceeds MPN benefit entitlement cap
Customer uses MSDN software on Development/Test servers without licensing all users reaching those environments
Customer uses higher product edition(s) than they purchased and fails to order/True Up
-
Over-licensing mistakes that are commonly made
Buy Expensive, Use Cheap
Buy Many, Use Few
Wasted MSDN
Overlicensed Outsourcing
Wasted MPN Benefit
OverlicensedNon-production
Customer purchases Premium and/or Ultimate editions but Administrator fails to assign and users cannot access
Customer uses fewer products than they purchased and fails to deploy or renew down, renews unused software
Customer with an active MSDN subscription does not take advantage of new version, Office production* and Azure use rights
Customer uses outsourced development workforce internally and both parties pay to license those users due to miscommunication
MPN partner qualifies for MSDN benefits but does not take advantage of them
Customer purchases or renews more MSDN subscriptions than are needed in order to license all users reaching those environments
-
Cybersecurity SAM Engagement
You cant protect what you dont know.A Cybersecurity SAM Engagement provides a view of what software is deployed to identify areas of potential
risk and high-level guidance on cybersecurity programs and policies to help enable good IT software asset
management.
Benefits of a Cybersecurity SAM EngagementEstablish a solid foundation for securely managing software assets that promotes
good cybersecurity preventative practices in a holistic, integrated way.
Become better prepared in order to build a resilient, adaptive IT infrastructure that
can respond to threats.
Support an effective defense against attacks through added policies
and controls.
Decrease costs from data loss, fraud from theft, loss in revenue, labor, support,
employee downtime, cost to locate and reinstall lost data, customer support, and
negative impact to reputation.
-
Frequently install security updates for all software. This is the simplest, and perhaps most effective, way to protect an organization
Keep anti-virus software active and up-to-date. Run frequent security scans.
Whenever possible, use the newest versions of applications. They typically have much stronger security features.
Manage Active Directory roles and access. Validate the configuration management of applications to ensure there are no security gaps.
Monitor what software and devices employees bring into the workplace and the network environment. A successful BYOD program needs to take into account data security risks.
Carefully manage the supply chain. Understand threats that can be introduced in procurement, configuration, exception management, and disposal.
Deployment Considerations for a Secure IT environment
-
Pirated software puts computers and data at risk.
Only devices with genuine Microsoft software get important software updates needed to operate reliably and protect from malware often found in counterfeit software.
Tips for safer shopping
Make sure you are getting what you paid for. Buy from a reseller you trust.
Use a secure payment method.
Beware of Product Keys sold separately.
The best way to get everything you expect up front is to buy genuine Microsoft software preinstalled on a new PC or from an authorized reseller.
Genuine Software
-
Managing vulnerabilities
through proper patch
management
Topics covered by SAM Policies and Processes
Example policy: Laptops, workstations, and servers
must be configured so that they will not auto-run
content from removable media, like USB tokens (i.e.,
"thumb drives"), USB hard drives, CDs/DVDs, FireWire
devices, external serial advanced technology
attachment devices, and mounted network shares.
Aligning Active Directory
to the current threat
environment
Creating and managing
an authorized software
media library
Establishing protocols to
secure devices
Instituting proper
permission management
Training Employees,
vendors, and others
accessing organizational
resources
Addressing change
management
-
Mobile Device Management SAM Engagement
Use a Mobile Device Management SAM Engagement to:
Leverage mobility to increase your competitive advantage
Increase productivity and security while controlling costs
Be informed: know who is using what and how
Tailor your mobility strategy to securely meet your organizational needs
Align licensing to actual usage
Become empowered to make the right decisions for the organization with an accurate picture of mobile device use.
Mobility is the new normal.
Change is being driven by the proliferation of consumer devices, the flexibility provided by the cloud, an
explosion of data, and a natural shift as people adapt to an always-connected world.
While there are many benefits, there are also concerns for both user-supplied and company-owned
mobile devices. Top concerns are security and licensing optimization.
-
Deployment Considerations
Selecting the right management platform now includes looking at how well it matches your mobile device management needs and objectives for the organization.
-
Licensing Considerations
User Device Location
Is the user covered by the
Microsoft Core Client Access
License (CAL) Suite or the
Microsoft Enterprise CAL Suite
on a per-user basis?
Is the user the single primary
user* of the device?
Can the organization easily
identify the primary user of the
device?
Is the device covered by the Core
CAL Suite or Enterprise CAL Suite
on a per-device basis?
Is the device running a qualified
Microsoft operating system?
Is the device a qualified device or a qualified third-party device?
Is the device accessing a virtual
desktop infrastructure (VDI)?
Is the device owned by the
employee or the organization?
Will the user access the software
on the corporate premises (on-
site)?
Will the user access the software
remotely from outside of the corporate premises (off-site)?
-
Topics covered by SAM Policies and Processes
How much control do
you want to maintain
over user-owned
devices?
Example policy: The IT department reserves the
right to approve accessibility or refuse
connectivity for any personal devices that do not
meet security and software requirements as
defined by corporate policy.
What constitutes
acceptable use of
corporate IT resources
on user-owned mobile
devices?
How are devices
authenticated?
What data and apps can users access?
What are the minimum security controls that are
required?
Can you identify the
employees, vendors, and
others accessing
organizational
resources?
How effective is your security awareness
training?
-
Benefits of a strong SAM process
PCs / Users
Servers / CALs Devices
A strong SAM process helps control all
licensing across the hardware life cycle
Complex IT environments and licensing
options drive risk of license mismanagement
Take Inventory: Find out what you already have.
Get Organized: organize all your software licenses and documentation.
Create Policies & Procedures: Establish standards and guidelines for all phases of the hardware and software lifecycles
Maintain your SAM Plan: Keep your plan current through regular spot checks, inventories, and employee training.
-
Next Steps and Q&A
-
Software Asset Management.Implementare si recomandari ulterioare
-
Planul de proiect
-
Operating System Name and Version Installation count Percentage
Microsoft Windows 7 Ultimate 2 1%
Microsoft Windows 7 Enterprise 16 5%
Microsoft Windows XP Professional 133 39%
Microsoft Windows 7 Professional 42 12%
Microsoft Windows 7 Home Edition 2 1%
Microsoft Windows 2000 Professional 114 33%
Microsoft Windows Vista Business 32 9%
Microsoft Windows 8.1 Professional 2 1%
Total 343 100%
2 216 0
133
95
42 42
2 2
114 114
32 322 21
0
20
40
60
80
100
120
140
Installation count Invoices
Instalari Windows vs achizitii
Microsoft Windows 7 Ultimate Microsoft Windows 7 Enterprise Microsoft Windows XP Professional
Microsoft Windows 7 Professional Microsoft Windows 7 Home Edition Microsoft Windows 2000 Professional
Microsoft Windows Vista Business Microsoft Windows 8.1 Professional
-
Recommended Hardware Upgrade To Minimum
Increase System RAM 114
Increase Hard Disk Free Space 24
Upgrade Graphics Card 33
50%49%
1%
Client computer readiness for Windows 8
Ready for Windows 8
Not Ready for Windows 8
Insufficient Data
-
Solutii de securitate
34%
46%
4%
9%
7%
Instalari solutii de securitate
System Center Endpoint Protection
Kaspersky Enpoint Security
Microsoft Security Essentials
AVG Antivirus
Avast Antivirus
-
Realizarea unei baze de date cu toate informatiile descoperite in cadrul procesului de SAM si actualizarea datelor din acest centralizator ori de cate ori sunt realizate modificari
-
Responsabilizare utilizatori
-
Implementarea unui sistem unitar de codificare a tuturor PC-urilor in retea, de exemplu: Locatie-Departament Initiala Prenume&Nume
Implementare Microsoft Active Directory pentru toate PC-urile si inlocuirea licentelor de tip Home cu versiuni Professional pentru integrarea tuturor statiilor in Microsoft Active Directory
- Management centralizat al politicilor de securitate implementate;
- Reducerea costurilor de exploatare prin folosirea noilor facilitati de administrare si de optimizare a traficului de
retea;
- Automatizarea setarilor de securitate;
- Securizarea implicita a noilor servere ce vor fi integrate in infrastructura informatica;
- Administrarea utilizatorilor si resurselor se face de la o singura consola;
- Controlul strict si monitorizarea accesului la resurse;
- Definirea unor politici globale pentru utilizatori si pentru statiile de lucru;
- Restrictionarea utilizatorilor;
- Single sign-on pentru utilizatori;
- Prevenirea modificarilor configuratiei desktop de catre utilizatori.
Active Directory
-
- Management centralizat al politicilor de securitate implementate;
- Distribuirea aplicatiilor si sistemelor de operare;
- Software Update Management. WSUS integrat;
- Inventar software si hardware cu istoric;
- Evidenta frecventei folosirii aplicatiilor;
- Raportare detaliata;
- Upgrade usor pentru sistemele existente si instalarea de la zero pentru noile sisteme;
- Suport pentru diferite tipuri de client (desktop, notebook, server, mobile);
- Descoperirea sistemelor vulnerabile si non-compliante cu politicile organizatiei.
Implementarea unei solutii pentru managementul unitar al statiilor de
lucru in retea System Center Configuration Manager
-
Poate fi instalat pe 5 device-uri ale aceluiasi utilizator;
Drept de downgrade inclus pana la orice versiune;
O singura cheie si un singur kit pentru toate licentele achizitionate;
Licenta poate fi transferata catre noi utilizatori;
Dovezi licentiere: contract, confirmare comanda si factura de achizitie.
-
Windows Server Standard 2012 permite instalarea a 2
licente Windows Server in
mediul virtual
2 licente Windows Server 2012 achizitionate 4 licentein mediul virtual.
Cheie de activare unica;
Nu exista COA;
Contract nominal;
Costuri apropiate de celeOEM.
Licentierea SQL per core vapermite accesul la server a unui numar nelimitat de utilizatori, fara a mai fi necesara achizitionarea Client Access License pentru fiecareuser/ device
Migrarea aplicatiei in Azure
-
Pasii urmatori
- Actualizare portal Software Asset Management si incarcarea documentatieiaferente. Definirea unui responsabil din partea companiei pentru update regulat;
- Solutii licentiere pentru produsele instalate fara dovezile de achizitie;
- Suport implementare procese agreate.