Feeds

The joy of software licensing on the desktop

Does anyone understand the options out there?

  • alert
  • submit to reddit

SANS - Survey on application security programs

Workshop One of the joys of working as a manager of desktop and laptop systems is to be found in the weird and sometimes surreal world of software licenses. Not really, of course. In fact, trying to ensure that the organisation is buying only the licenses it requires at the best price, while making sure that no unlicensed applications have materialised on corporate kit, can be enough to drive a budget-holding IT manager to despair. But just what are the challenges to be faced, and how can they be addressed? In this article we try to shed a little light on the murky waters of licensing.

Anyone who has waded through the terms and conditions associated with a software license will tell you that you probably need to have a degree in mumbo jumbo appreciation, or law as it is more commonly known, to be able to make any sense of the muddle of words employed.

The bottom line is that software licenses are complex, and adding to the problem is that every single publisher of commercial software manages to use license terms and conditions that vary in subtle, but important ways. This complexity is compounded still further when one takes into account that some software vendors offer a range of license models for the same application. While the flexibility undoubtedly provides options for the would-be user, it can be difficult to navigate the options.

Typical license models for commercial software include the “per PC”, “per named user” and “concurrent user”. Such licenses may be purchased outright with an option to buy some form of support-and-maintenance contract that allows bugs to be reported and software updates to be received. Alternatively the license may be in the form of an annual subscription which gives no permanent rights to use the software, simply the ability to use the software for as long as the subscription is maintained.

While selecting amongst these options is complex enough, one must also bear in mind that more and more users now seek to utilise their own equipment when working from home or as a standard operating arrangement. Though some vendors now include the right for a business to purchase a single copy of the software but allow it to be used not just on a company PC but also on a user’s home machine, this is by no means the case across the board.

Meanwhile, the idea of “discount for bulk purchase” has long been a factor in IT. The more you buy, the cheaper the units become. In the software world this has led some vendors to offer their licenses as individual units or bundles. Beyond these bundles, many vendors also offer site licenses or enterprise agreements. On the “home use” point, whether such enterprise agreements apply to employees using their own machines for company business may well need discussion with the vendor.

In all scenarios it pays to spend some time with a large sheet of blank paper and a calculator (or to make good use of some properly licensed spreadsheet software) to map out the various options to try and minimise software costs. Choosing amongst the options takes effort and understanding.

It is fair to say that few salespeople in the software reseller community are entirely comfortable working out license options, but at least they will have some idea. However there are very few IT professionals who have any specialisation in handling software licences. It is highly possible that any with such experience are snapped up by the main vendors, making life harder for both the general reseller community and end user organisations. As a consequence, both customers and channel partners would welcome some license model consolidation and simplification amongst the ISVs.

Now, I know that by this stage some readers will be saying “no licensing problems when you use open source software”. But is this true? In fact, the answer is probably not. Indeed, when talking with the senior managers of several of the major open source software vendors it is clear that they, too, struggle with explaining clearly to users the terms under which their software is distributed, and more importantly, supported.

In fact, most of the players in the space require that if you want support on their software you must have a subscription contract for all machines on which the software is to be deployed, or possibly for every machine in the company, irrespective of whether the software runs on all machines or not. Clearly, using open source software in important business systems does not mean that licensing and especially support and subscription terms do not need careful consideration.

At the same time, we have spoken to IT decision makers in end-user organisations large and small, who have expressed their concerns about what the different flavours of open source license mean, and whether they have implications for the companies’ own in-house applications if they are developed in conjunction with open source. While there are advantages and disadvantages of all forms of licensing, open source or not, it is clear that you should be undertaking sufficient due diligence whichever model you choose to adopt.

One last topic that deserves mention is the growing interest organisations are expressing in virtualisation on the desktop. Reg readers have already told us that they are looking at the various options that desktop virtualisation now encompasses. But the licensing impact of running any desktop virtualisation solution should not be underestimated, as few vendors make it clear how they would license software running in any virtualised environment.

So, where to start with desktop software licensing? On the plus side, there are now numerous good software inventory discovery tools available that can help work out just how many copies of each software package are deployed in the business. These can also identify, should local legislation and practice permit, which software is actually being used as opposed to just loaded but never run. Such software license management tools are now much simpler to deploy than in the past, and can perform regular audits without placing an unacceptable burden on systems.

Using such solutions, it becomes relatively straightforward to audit software deployment and usage to reconcile them with licenses and support contracts purchased. It can also help ensure that only authorised software is used in the business, and highlight any areas that may need further attention if unsanctioned software is being utilised for business purposes. Of course, auditing hardware which runs company-purchased software but is not owned by the organisation may pose challenges concerning privacy issues.

It is clear that software license management is by no means straightforward, but perhaps you think it's a solved problem. If you have good examples of how to manage software license complexity and software usage we would be very happy to hear your advice. ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Reg man builds smart home rig, gains SUPREME CONTROL of DOMAIN – Pics
LightwaveRF and Arduino: Bright ideas for dim DIYers
Leaked pics show EMBIGGENED iPhone 6 screen
Fat-fingered fanbois rejoice over Chinternet snaps
Apple patent LOCKS drivers out of their OWN PHONES
I'm sorry Dave, I'm afraid I can't let you text that
Microsoft signs Motorola to Android patent pact – no, not THAT Motorola
The part that Google never got will play ball with Redmond
Slip your finger in this ring and unlock your backdoor, phone, etc
Take a look at this new NFC jewellery – why, what were you thinking of?
Happy 25th birthday, Game Boy!
Monochrome handset ushered in modern mobile gaming era
Rounded corners? Pah! Amazon's '3D phone has eye-tracking tech'
Now THAT'S what we call a proper new feature
US mobile firms cave on kill switch, agree to install anti-theft code
Slow and kludgy rollout will protect corporate profits
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.