Categories
SAM Strategy Thoughts

ByoL into AWS & Azure: Room for savings or new trap?

Our customers have often asked us if they could use their licenses into the Cloud, and whether it was a real manner to optimize the spend, or just a non sense.

To make a long story short, our answer is YES; keep as a quick answer that Bring your own Licenses into the Clouds is a real way to optimize your spend.

That being said, we still need to have a step by step approach to make sure we will not make errors and do the right moves with ByoL. For the longer answer, please read below.

Where do you stand ?

First thing is to know precisely your license position. Actually, it is the exact same consideration as if you were about to license a new on prem architecture, and the idea is to know whether you still have remaining buffer of unused licenses or not.

Establishing a license position for Windows Server, System Center and SQL Server should be automated as much as possible, and optimization through dynamic allocation should be repeated every time you refresh your license position.

Here is a quick example of simple chart that illustrates the use rate of your licenses after an optimized license position.

The green share indicates the licenses that you have purchased and that are fully used today to license your footprint. The red share indicates the possible missing licenses, to be reduced as much as possible of course through optim, infrastructure changes… and to be possibly remediated by a new purchase of missing licenses or True Ups if no other solution; The blue share indicates the financial part of licenses that are unused and put on shelf after optim. Tricky things in licensing is that you may have missing licenses and extra licenses at the same time… of course we necessarily have different characteristics of licenses (different editions, or versions, or metrics, or SA coverage). In a ideal world, there is no red part, but also no blue part ! Indeed, the blue share just means that you have purchased too many licenses that you do not make use of ! Unless….

Identify the eligible situations for ByoL

Amazon & Azure have documented the eligible situations for ByoL.

AWS & Azure rules can be found below:

In these links, to summarize we can highlight that:

  • Rules have changed since October 2019 because Microsoft has precised the use of ByoL into the various Cloud providers (incl Azure); these changes are reflected into the “Listed Providers” scheme here.
  • It is more difficult now to use existing Windows Server licenses into AWS; but some situation still exist, and for those, Software Assurance is not required !
  • For AWS and SQL Server, we can both use the licensing mobility rule or the standard licensing rule, but we must pay attention to the subscribed plan (Standard EC2 instances, versus Dedicated EC2 instances, versus EC2 Dedicated Hosts). Software Assurance remain necessary.
  • For Azure, rules are more numerous, and we can both benefit from existing unused Windows Server & SQL Server licenses. That can be used through the Hybrid Use Benefits, and Microsoft also allows SQL Server ByoL for managed databases (not only IaaS, but PaaS).

Calculate & Optimize

Then, it starts being possible for you to use ByoL when the two following conditions are met:

  1. Some unused licenses on shelf,
  2. One or several cloud situations eligible for ByoL.

Are these two conditions met ? If so, you should not hesitate and go for ByoL then. Why?

First, every day these unused licenses stay on shelf, it is like you leave the tap open! Value of your unused licenses depreciates day after day, and making sure to use them as often as possible is never a wrong choice.

Worried about the fact you may need such unused licenses in near future for newcoming projects? My second point is to say that ByoL is not irrevocable. You can change your mind every 90 days and put back such licenses on shelf and go for Azure or AWS subscription.

Overall, it is an immediate 20 to 40% discount depending on your situation when we consider that extra subscription costs linked to licenses part into Azure or AWS is just an extra cost because you already had and paid for your licenses ! So, why would you keep your licenses on shelf for future purposes if you can make savings now ?

To simulate such savings, it is now clear that you need to be accurate. Many licensing rules are different in the cloud versus on premise, and even between Cloud providers.

Fortunately, we have recently released into SamBox.io the management of ByoL for both AWS & Azure. Easy now to calculate your Microsoft license consumption into your premises and into your Clouds at the same time.

How to proceed now?

First, you need to follow the above-mentioned steps to measure the range of savings you can reach into that direction. It depends of multiple parameters of course, but if you have a large move-to-Cloud strategy, for sure these savings can be huge !

Then build your KPI, to demonstrate such benefits (based on number of instances licensed through ByoL, and amount of savings achieved; make sure to collect the avergae cloud spend per VM in advance to simulate the savings).

Finally, it is a matter of communication and sharing across the company. Write a short Byol Policy, review your processes, communicate them to stakeholders, and make sure that SAM brings support to them to secure the savings.

Ready ?

Categories
SAM Strategy Thoughts

Microsoft ESU – what’s the deal?

Following the end of support for SQL Server 2008/2008 R2 on July 9, 2019, Windows Server 2008/2008 R2 also reached the end of support on January 14, 2020. What does this mean and what are the alternatives?

Microsoft’s support policy states that products have a 10-year lifecycle during which they will provide support. These 10 years are actually cut into two periods – 5 years of mainstream support followed by 5 years of extended support. At the end of extended support, there is no more support available from Microsoft (except in very exceptional circumstances) which immediately introduces security risks if you are still running these versions. Specifically, these servers are no longer receiving security patches and any newly discovered flaw is an attack vector for trojans, ransomware etc. to potentially infiltrate your enterprise.

What are the options and is it already too late?

The first recommendation is to make sure your plans align with Microsoft’s support lifecycle, so you are only running software that is supported by the vendor. Microsoft strongly encourage organisations to ensure they are running at least Windows Server 2012, which is supported until 2022, but moving to Windows Server 2016 (supported until 2026) and Windows Server 2019 (supported until 2029) will give you a longer period before this situation occurs again. While it may seem that this is obvious, often we see organisations where around 25% of their server estate are legacy machines running Windows Server 2008/2008 R2. This can be for a variety of reasons but one of the most common is that a 3rd party application has a dependence on these older operating systems.

What are the (real) options?

If you are still on the impacted versions and you want to get protected ASAP, there is only one real option – Microsoft Extended Support Updates (ESUs). These extend the support deadline to 2023 but give only security updates – for Windows Server, it is those updates rated “Important” or “Critical”. There are two ways to access the ESUs:

1) Purchasing ESUs via your licensing agreement
2) Migrate your legacy servers to Azure

Purchase ESUs for on-premises servers

ESUs are available to purchase via the following licensing programs and channels:

  • Enterprise Agreement (EA)
  • Enterprise Agreement Subscription (EAS)
  • Server & Cloud Enrolment (SCE)
  • Enrolment for Education Solutions (EES)
  • Cloud Solution Provider (CSP)

And you need to have Software Assurance (SA) on the existing server licences, the Client Access Licenses (CALs) that connect to those servers, and on any external connector licenses for those servers too. That SA, however, can be on a different agreement.

On-premises customers will receive additional ESU keys via the well-loved Volume Licensing Service Centre (VLSC) website but must install certain packages before activating the keys. It is to be noted that KMS activation is not possible.

For CSP customers, the relevant Server Subscription licenses allow ESUs to be purchased.

How much does it cost?

Extended Support Updates for Windows Server (and SQL Server) cost approximately 75% of the on-premises license cost PER YEAR – taking Microsoft Extended Support Updates is by no means the cheap option! If you cover a server with ESUs for the full 3 years, you will pay 2.25 x the price of a full license – you could most likely have bought Windows Server 2019 w/SA for that price.

Migrating to Azure

If you need/want to remain on the older releases, another option is migrating the on-premises servers into Microsoft Azure, as cloud servers running Windows (or SQL) Server 2008/R2 receive ESUs at no additional cost. On the face of it, that makes the equation:

On-premises = 2.25 x cost

vs

Azure = Free

But, of course, it isn’t really that straight forward! Once you get the server into Azure, you need to pay for the virtual machine, storage, networking etc. but even before that, the journey to the cloud is costly too.

The time needed to test compatibility, convert, and then migrate the physical server into the cloud is rarely a quick process and will incur plenty of “soft” costs through internal time and resources. Equally, if this move to the cloud is quicker than your organisation originally planned, you may find higher costs in on-going maintenance and management of the Azure based servers too.

Hybrid Use Benefit

Those of you with Software Assurance (or Server Subscriptions), you can take advantage of the Azure Hybrid Use Benefit to reduce the cost of your Windows Server virtual machines running in Azure.

For every 16 core licenses you have with active SA, you can run up to 2 VMs with up to 16 cores. Interestingly, the Microsoft guidance such as licensing datasheets, Microsoft Docs etc. says that each VM can have “up to 8 cores” however this isn’t reflected in the Microsoft Product Terms which instead states “16 Virtual Cores allocated across two or fewer Azure Base Instances”.

Windows Server Standard licenses can be used on-premises OR in Azure, while Windows Server Datacenter licenses can be used on-premises AND in Azure simultaneously – on shared servers. For Windows Server Standard, there is a 180-day migration period where you can run the licenses on-premises and in the cloud at the same time, to facilitate the migration process.

Hybrid Use Rights are also available for SQL Server, although the rules are slightly different. You can use them to reduce costs on SQL in Azure in both IaaS and PaaS scenarios, but there is no concept of simultaneous use between on-premises and Azure – save for the same 180 dual-use rights to allow migration to the cloud.

Conclusion

As already stated, if you’re looking at the Microsoft Extended Support Updates now, they’re probably your only real option – at least for the first year. That said, it can be a good opportunity to review your software refresh policies for the future as similar situations will come around before you know it; it’s only 2 years until Windows Server 2012 leaves extended support.

Get an overall picture of your server estate, match it against Microsoft’s support end dates, and then sit down with the relevant stakeholders to find out why the old versions are still in use and what can be done to make a change – hopefully upgrading the on-premises infrastructure more rapidly and/or creating a smooth, easily repeatable process for moving servers into the cloud.

What about SamBox.io ?

What’s the link between ESU questions and SamBox.io ? Well, as previously explained, licensing rules are complex with Microsoft, and it might be difficult to estimate the forecasted cost of a sub-perimeter we want to apply ESU on. That’s why our SamBox.io platform enables you to estimate that cost, make simulations, possibly draw infrastructure changes to get it at the most optimized cost. SamBox.io is a self-service platform, that meet customers’ self-reliant expectations.

Further Reading

Obtaining ESU updates – https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091

This article was written by Rich Gibbons, ITAM Review, Mathieu Dufetelle, SamBox.io, and Damien JuillardSambox.io. It is also published on the ITAM Review website.

Categories
Thoughts

Best Wishes for 2020

Hard work is part of our mindset and customer satisfaction our best reward. That’s why we have been very happy to launch SamBox.io in 2019, and we have exciting plans for 2020. We do thank our customers for the support they have provided to us so far, and will be looking forward to meeting them (and new ones !) during this new year.

We wish to all of you that your job brings you happiness, career success, moral satisfaction, warm trustful relationships in the coming year.

Happy New Year !

Categories
Market news SAM Strategy Thoughts

Who is SamBox.io for ?

This is direct question for those who might want to know more about our positioning, and more globally to compare our tool to other tools in the market.

Let’s figure it out, positionning is close to strategy, and what we strongly believe on. So let me provide an answer in 3 sections.

Where do we stand today compared to our competitors & partners ?

The comparison matrix below shows where we stand compared to other SAM Tool providers across 10 key characteristics:

SamBox.ioSAM Tool providers like Snow, Flexera, Aspera, ServiceNow…
1) SW CoverageWindows Server/System Center,
or SQL Server,
or Oracle Database & Middleware
so far
Very Wide
(almost all SW Vendors)
2) Acquisition of SAM Tool100% Online
Public prices, online payment, immediate provisioning of service
Traditional approach
(meeting with sales, quotes, negotiation, deal, installation)
3) Technical Integration / InstallationNo need
100% SaaS, immediate use
Required
Technical architecture depends on the number of devices to be inventoried, and scope of SW to be addressed
4) Ingestion of Acquisitions & EntitlementsFast
Only needed for the delineated SW scope being analyzed. To be filled in into Excel
Requires functional integration
(via consulting services, or training of users).
To be filled in into the SAM Tool
5) Ingestion and/or setting of licensing rulesNo need
Specific engine for each SW Product family, including all detailed licensing rules & specificities
Requires functional integration
(via consulting services, or training of users).
To be filled in into the SAM Tool
6) Discovery capabilitiesFocused on the SW Product family
Through connectors or dedicated scripts
Very Wide
(almost all SW Vendors)
7) Data QualityData quality directly driven on the delineated SW scope
Quality can then easily be improved, directly in the Excel spreadsheet
Data quality indicators for the global SW Scope
Not necessarily easy to know what is wrong for one dedicated SW Compliance snapshot
8) Compliance calculationImmediate & fully automatedDepends on the SAM Tool
Calc can be quite long, and quite complicated to refresh if input data needs to be modified.
9) Optimized Compliance snapshot – best license allocation schemeImmediate & fully automatedDepends on the SAM Tool
Very limited capabilities; requires human being in-depth SAM knowledge to optimize
10) Support on licensing rulesIncluded
Immediate access to licensing expert
On top
via consulting services or profesionnal services

OK, and why such a positioning ?

SamBox.io has been released late 2019 whereas SAM Tools like Snow Software, Flexera, Eracent, 1-E, Ivanti … were first introduced 5 to 10 years ago. But Elée, who is the SamBox.io publisher, is also a 9 year old SAM consulting company, pure player, with a very strong record of SAM projects in many customer environments, on many SW Vendors. That is the benefit of hindsight. For the past 5 years, we have worked on many SAM Tool integration projects, and we do have a good overview of key success factors for such projects, associated benefits, but also sometimes the hurdles and all the difficulties which can make such projects quite complex. That is why, before releasing SamBox.io, we have taken a step back and analyze the situation.

Traditional SAM Tools are very powerful because they usually embedd very extended discovery capabilities, they cover the widest scope of Softwares as possible, very large catalogs of SKU, of Software Signatures, and they are very adapted for global SAM steering within a large company (many vendors, many indicators to follow, overall performance of SAM).

The thing is that such SAM Tools are like ERP for licenses, and like for any other ERP Software, when you invest 1$ in the SW, you need to invest 5 to 10$ on integration services to make it work. ROI exist, definitely, but likely more on a 3-5 year cycle than on a 12 to 24 months expected max period. Customers are not always prepared to that, and we have faced a lot of situation where integration services budgets were then too much compressed. Unfortunate consequences are:

  • lack of reliability on license positions (with then still a high level of risk when audits raise),
  • the feeling that the company does not get the value for money…
  • … and the overall legitimacy of the SAM members being challenged into the company (versus outsourced managed services for example).

SamBox.io has then been thought to be a tool that does not cover an area of softwares as wide of traditional tools, but that eases as much as possible the SAM cycle on very well delineated perimeters. Key characteristics of SamBox.io are then :

  • Built on verticals, each of them adressing one accurate and delineated scope of softwares (1 vertical for Windows Server/System Center, 1 vertical for SQL Server, 1 vertical for Oracle DB & middlewares, and other verticals to come in 2020),
  • Fast running of a full license position from data collection to optimized balance, in a couple of clicks (less than 10 clicks, 10 min computation time end to end),
  • Highest level of reliability and optimization on the vertical (including a unique easy-going data quality improvement feature),
  • No integration or consulting services needed, no hidden cost, fastest ROI in the market.

With such a differentiating approach, we know that we will never cover the same wideness of SW vendors than traditional SAM Tools, but our moto is to focus on the verticals where value for money are the highest:

  • Software scope that generally represents a large spend on IT budget,
  • Software scope that have complex licensing rules, tricky contracts that are hard to manage and control,
  • Software scope for which financial stakes are high (either to mitigate compliance risks, and/or to optimize and generate savings),
  • Software and services either on premise or delivered by Cloud providers.

Concretely, we believe that you should not need us to calculate your license position on Microsoft Visio or Projects, but for complex Microsoft metrics, Oracle licensing, IBM, SAP, Adobe…. it may be different. We will soon release early 2020 our roadmap for the begining of next year.

Who is SamBox.io for then ?

SamBox.io serves both large companies as well as small and medium business. But contexts may be different:

  • For large companies that have already implemented a SAM Tool (with success or not!), SamBox.io can run on top ! We have indeed developed interfacing capabilities which enables to extract the data out of a SAM Tool, process them into SamBox.io, and even re-inject the results into the SAM Tool. Why would companies do that ? Well, main reason is the reliability and optimization seeking, and when we talk about large companies, optimization on SQL or Oracle can definitely be huge amounts of money !!
  • For large companies that have not yet purchased a SAM Tool and do not have an extended budget, SamBox.io is a great opportunity to get started with SAM automation. Cost is much cheaper than other SAM Tool, and it does not imply to think of it as big project.
  • For Small & Medium businesses, we are truly convinced that SamBox.io is the best way to go.
    • First, because SAM may not be as strategic as for large companies (because SW spend is not large enough for them, fortunately),
    • Second, because a pragmatic tactical approach may lead IT managers – with transversal responsabilities from infrastructure to applications – to only consider SAM when risks are the highest, and not for all vendors
    • Third, small and medium businesses are not used to have recourse to consulting or integration services (because IT budget are maybe more constraint than for large companies!), and SamBox.io offers that seamless SAM journey without any additional fees (even questions on licensing rules are included into the support of SamBox.io).

Categories
SAM Strategy Thoughts

Already +3 000 licensing positions!

That’s it!

I am happy to share that we have just run over +3 000 licensing positions!

So many snapshots since the first use of our compliance engine. Let’s assume that SamBox.io computes in ~5 min what usually require dozens of hours at least if done manually… without even the same level of reliability & optimization in the results (sorry to say that, but we’ve been through this period…)

  • we talk of ~4 500 man.days that have been saved…

What about you? Do you prefer to spend time assigning licenses, computing licensing rules, verifying, revising, starting over, again and again… Or don’t you think it would be preferable that you immediately bring added value in the roll out of optimization action plan… and maybe explain to you DBA that he may have activated some options that cause licensing issues, or validate with your infrastructure manager that he should change the config or their cluster?

Well, beyond the fact that SamBox.io helps you determine reliable and optimized results, basics of SAM return of investment is not to save time to reduce the SAM Workforce, but save time to better use it for actual savings purposes. We will later write a post on ROI and how to establish an efficient SAM Strategy & roadmap.

Categories
Thoughts

Licensing optimization – Stake of dynamic optimized license assignment

When it comes to license position establishement, we can sometimes hear that licensing is a matter of “interpretation”, and there is not one single true “licensing position”. Well, I must say that I do not necessarily share such starting assumptions, even though I definitely end up with same outcomes.

Let me explain: Having multiple interpretations of licensing rules implies that definition of such rules are ambigous, inconsistent, or just too vague. It definitely happens sometimes, and some software vendors are indeed less accurate than others when it comes to defining licensing rules. But we should all keep in mind that licensing rules are the operational version of the “granted rights” clause that exist in any SW contract. And contractual schemes and architectures are sometimes complex, and require legal skills to determine which section(s) should prevail or not on some other(s), and whether side documents are “official” ones to be taken into account or not. In any case, the possible multiple interpretations of licensing rules should always be the result of a legal analysis. It is then interesting to consider real court decisions, and determine how vague licensing rules really are.

Concretely, difficult to argue that Microsoft licensing is not clear. Product terms document are released and updated multipe times per year, and history of all product terms are fully accessible to everyone, publically. Besides, have you ever heard of a court decision stating that some Microsoft licensing rules aren’t valid or applicable?

About Oracle, licensing rules are much more discussed and subject for debate within licensing professionals clubs, or simply on the internet; but reality is that Oracle has yet managed to make their rules be applicable & in effect because it is almost impossible to rely on a court decision that would be a precedent for everyone, and nulify their logics so far (“Oracle does not recognize soft partitioning” remains the magical statement!).

What about SAP and the so-called indirect access usage? Everyone who knows SAP licensing would tell that indirect access is not easy to determine… grey zone… yet, the Diageo court case and the £54.5m decision is unfortunately a real figure, real money… and a clear message that “interpretation” is not necesarily favorable to end customers.

We could continue listing large SW Vendors and determine how valid licensing rules are, but in any case, within Elee, we do believe that it is too risky to count on hypothetic multiple interpretations of licensing to try to escape from contractual obligations; therefore, we will always recommend to make a rigorous work on licensing calculation, and accept the counting work, even if it is hard and boring sometimes.

But making a rigorous licensing calculation does not mean that we should accept to pay through the nose! Let’s respect the rules, and play with them!

Elee has developed deep expertise on selecting the most optimized licensing rules, when we have the opportunity to choose among multiple rules. And that happens all the time when you are dealing with complex vendors. Let’s explain below the real stake of dynamic optimized licensing allocation versus classical static license allocation. Ready?

Let’s consider below a small SQL Server situation. On the left, your entitlement (stock of licenses you can use); on the right, the environment you have to license.

Well, static allocation of licenses implemented by common SAM tools as well as auditors would give the following:

What would now give dynamic optimized license assignment?

Both licensing schemes fully respect the Microsoft SQL licensing rules! But as far as I am concerned, I definitely prefer the second option!

Now let’s imagine that you do not only have 1 cluster and 1 standalone physical server…. but dozen, hundreds or sometimes thousands of them? Let’s also imagine that optimized dynamic license assignement work for every situation where you can pick up between different licensing rules for each single situation? Licensing each VM separately, or the full underlying physical layer; core-based licensing versus proc-based licensing versus server+Cal licensing; highest or lowest licensing eligible version? Bundle or not? MSDN or not? NUP or CPU? Professional or Employee?… Do you see what I mean? Stake of optimized dynamic licenses assignment is huge, and I am happy to conclude that yes, there is not only one single true licensing position, and let’s take advantage of it!