Investigate the evidence (the science behind license compliance)

License Compliance is important for every company, large or small. Being able to demonstrate compliance correctly stands or falls with the timely availability of correct, complete and validated data.

TIP #58 - September 2020: Recognising and linking unrecognised (software) evidence is important for license compliance. Read more about it in this tip.

Evidence provides the basis of every conclusion or statement and is the sole source of knowing true license compliance. To determine the installed base, this means being able to demonstrate which software - with corresponding version and edition - is installed and / or used on the managed infrastructure. It is also necessary to determine on which (type of) devices this diversity of software is or has been installed. Evidence is therefore required.

The presence of evidence needs to be detected, analysed and interpreted. SAM / ITAM Tools such as FlexNet Manager often have their own, periodically updated reference database (recognition library) incorporated. These recognition libraries contain relationships between various traces of evidence, based on file and / or installation information, and the associated software or application. In the specific case of FlexNet Manager, this is called the ARL, the Application Recognition Library.

Due to the multitude of publishers, applications and evidence that can be found per application, it is unrealistic that these reference databases cover every piece of software or are up to date. Part of the evidence will remain unrecognised and will not automatically be linked to applications. This makes software detection incomplete and a possible compliance risk arises.

There are several reasons for evidence being unrecognised, such as unclear and careless use of naming conventions in case of packaging or failure to update a Recognition Library on a regular basis. Also, management processes that are not properly designed can be the reason for a multitude of evidence and applications that remain behind on the infrastructure. Due to the lack of a healthy set of ITIIL processes, license compliance will remain a matter of instinct.

In order to make sure a reference database is complete and accurate; it might be necessary to add relationships between evidence and applications manually. As a result, new releases, but also applications specific to your organisation are added to the reference database, recognised and included into license consumption calculations.