Vendor Management archives - TotalCIO


Aug 20 2009   3:29PM GMT

Failure to track virtualization licensing terms can cost you



Posted by: Christina Torode
contract negotiations, vendor management

An unnamed client of Forrester Research received a bill for $1 million from a software vendor for violating licensing terms. The problem was that the company was running its software in a virtual environment on any number of servers in its data center, versus only the servers it had originally licensed the technology for.

This isn’t the first time I’ve heard of virtualization licensing terms being violated. A systems integrator told me that a customer had to pay Microsoft $300,000 after an audit of an application virtualization project. Apparently, the company was using Symantec’s Norton Ghost disk-cloning technology to create ghost images of four different desktop models. The company had licenses for four images, but they were being used by 800 users.

So how are vendors counting licenses under the virtualization model, and how can you avoid violating virtualization licensing terms?

Duncan Jones, a licensing expert and analyst with Forrester Research, gives some background in a recent report on counting virtual licenses:

For decades, many software vendors have licensed their products by hardware-based metrics such as server, processor, or device. The definitions they have used in their license agreements assume a permanent assignment of software to physical assets. The licenses are like labels that the operations manager can attach to a piece of hardware to say “this device is licensed to run Product A.” But the lawyers who wrote these agreements never envisioned today’s virtualized data centers. Increasingly, applications now run in software-controlled bubbles, called virtual machines (VMs), which usually cannot be permanently associated with the physical resources supporting them. This makes it hard for software vendor managers to ensure that their organization has sufficient license capacity — one can’t affix a license sticker on a virtual machine. If they’re not careful, these sourcing and vendor management teams may find themselves facing a large unexpected bill after a software audit.

Jones offers a few steps you can take to avoid violating virtualization licensing terms. These include:

  • Choosing to license products based on named users rather than processors;
  • Working with your vendor to retrofit your software licenses for a virtual environment;
  • And, simply favoring vendors with more enlightened licensing policies.

Burton Group’s Chris Wolf believes it is time for those serious about virtualization to get a third-party licensing management tool. IBM offers such tools, as does ManageSoft.

ManageSoft, for example, allows you to audit the software you have in a virtual infrastructure and maintains an online database that will validate compliance for the applications and operating systems running in a virtual environment.

License compliance is no joke, as those who’ve been fined can attest. The onus is on you to figure out what you need and work with your vendors on the terms you need.

Let us know what you think. Email me at ctorode@techtarget.com.

Jun 5 2009   2:22PM GMT

Massachusetts bribery scandal over Cognos BI is sad commentary on IT



Posted by: Anne McCrory
vendor management, government

Talk about a lack of business intelligence: A former Cognos BI sales rep has been indicted, along with some former top Massachusetts officials, in a bribery scandal surrounding a now-voided $13 million deal for performance management software for state government.

Though nearly all the players have since moved on to other things, this episode takes us back to a time that wasn’t good for this state’s IT. Indeed, the IT organization was apparently nothing but a pawn in this transaction, as the House speaker and his associates took seeming advantage of a CIO office in transition.

The time of the alleged activity found the IT organization in the hands of an acting CIO, the previous two CIOs having left after short tenures in apparent turmoil over an open document standard. CIO Peter Quinn resigned in late 2005, and his successor, Louis Gutierrez, lasted just 10 months. Gutierrez resigned in October 2006, citing a lack of funding for the commonwealth’s technology initiatives. Interesting how the House speaker pushed through legislation for $15 million for a BI project just a short time later. (He resigned earlier this year and is a key figure in the indictment.)

The acting CIO then signed off on the Cognos BI deal; in one account, this interim leader said the influence of top politicians didn’t affect her technology choice. However, the project didn’t get far. The commonwealth finally hired a permanent CIO in July 2007, Anne Margulies, who soon “raised concerns about ‘discrepancies’ in the bids,” and ordered the review that eventually uncovered the alleged activity, according to one report.

Now, anyone who pays attention to the news knows that there’s plenty of influence peddling out there, and much of what we find out about is in the public sphere, where everything from construction contracts to political office seems to be available for a price. CIOs are hardly immune to similar temptations. Whether it’s Lakers tickets or a pool in your backyard, CIOs do encounter vendor bribes, and it’s my guess that not all of them are as honest as the CIOs we interviewed for a story on steering clear of vendor bribes a couple years back.

Still, in Massachusetts, it’s notable that only elected officials and their lobbyist face charges as a result of the investigation into the bribery scandal. But the fact that no one from IT was fingered isn’t exactly good news, either. If elected officials (or executives) are steering the IT ship, choosing the technology path or big package that will perform key functions for years to come, something is wrong. Of course, with a revolving CIO door, Massachusetts already knew that.