What about the compliance responsibility of your licenses when you use the Cloud Service?
Increasingly, companies return to core business and at the same time want optimum flexibility regarding IT when outsourcing. Outsourcing of IT services usually means hiring services through the Cloud, in lots of varieties. Think about virtualisation with dedicated hardware (Private Cloud) up to Software as a Service (SaaS) and all possible forms in between. But what are the consequences for the existing licenses and software contracts?
This will be depicted in two blogs from a Software Asset Management (SAM) point of view. This blog discusses one side of the spectrum, from Infrastructure as a Service (IaaS) up to Platform as a Service (PaaS) in relation to SAM. René’s blog discusses the other side of the spectrum, Software as a Service (SaaS).
IaaS and PaaS
But first let’s go back to base: a global description of IaaS – PaaS. In my opinion this regards the server environment, leaving aside whether you host services for your virtual desktop or make connection to the server with physical end user devices. You can rent infrastructure from a Service Provider by dedicated hardware that for example includes the previous company hardware. Or one can choose to rent the hardware from the Service Provider. I will exclude any possible virtualisation for IaaS (but who stopped using this nowadays?). The physical hardware of the Service Provider does not apply to PaaS. The platform is enough, for example (virtual) servers with Windows Server Operating System (OS) and with Linux OS. In the case of PaaS it is important that the server software the organisation needs is provided by the Service Provider, for example Microsoft Azure.
Transition of the own environment to the environment of the Service Provider
Let’s assume that the decision has been made to largely wind up the own IT infrastructure and start using the Service Providers. Then you are entering the transformation phase. Because an organisation can decide that the hardware is (as good as) depreciated, this does not apply to software and licenses. In particular when the annual maintenance of the license has been prolonged. So make sure you know which licenses are deployed in the environment(s) and if they will be passed on to the Service Provider.
The next step is to determine which (server) software licenses can be used in an IaaS or PaaS. What about for example the Client Access Licenses? What combination is allowed regarding the ‘old licenses’ and the Service Provider environment? What did the Service Provider include in the contract? Think about Microsoft SPLA: the Service Provider reports to and pays Microsoft for the licenses that are included in the service they provide you. And you have to know what you are paying for and what licenses you have, to avoid double licensing (by you and by the Service Provider). What will you do with those licenses that are no longer used and what about the corresponding running contracts like software support & maintenance? Did you know there is a developing market for second hand licenses?
Inform and Compliancy responsibility
I mentioned it before, the contracts with the Service Provider.
- What does the Service Provider do regarding SAM and will the workload be reduced for you as a customer?
- Will you be updated properly and regularly with reports on the hardware and software licenses that are involved with the service?
As a customer you don’t have a full insight into the Service Provider infrastructure, so what can you agree on this together? Who carries responsibility for compliance? It could lie with the Service Provider, for instance in case of PaaS when the Service Provider makes available the server with Operating System and Subscription Access Licenses (SAL instead of CAL) through a SPLA. But when the server runs software of which you have purchased the licenses, for example RM, the compliance responsibility of this pack remains yours. When in such a case the server licenses are based on processors, the Service Provider has to grant you clear periodic insight in the usage of the processors.
Software Asset Management: also important in relation to the Cloud services
Is your head spinning after reading all these questions? Keep in mind that Software Asset Management (SAM) isn’t something you can do on the side. SAM is a serious focus area and organisations that are negotiating contracts with the aimed Service Provider for IaaS and PaaS need correct and adequate information regarding hardware, software, licenses and contracts that are involved in the transition to the new contract. It is advisable to have the purchaser, contract manager, finance manager and IT manager of the organisation look together at the Service Provider, from a SAM point of view. This can be helpful to avoid unnecessary costs and to be in control of the licenses that apply to IaaS and/or PaaS. Don't assume that the Service Provider will offer you a customized pack that includes all these aspects. They also build their service based on other important matters like flexibility, functionality and maintainability and will not instantly include the number of hosts and virtual servers in a report.
Will your organisation be using the Cloud? You will still need to be in control of your software licenses and contracts. And what about SaaS solutions? René’s blog will tell you more about this.