Organizations using virtual machines (VMs) may find per leading industry analysts that they’re facing unexpected license costs. These VM license costs can be significant—settlement invoices are ranging from five to eight figures, quickly erasing the anticipated business value provided by VMs.
Obtaining value from VMs requires close attention by Software Asset Managers, IT Finance, and IT Procurement teams in five areas—audits, outsourcing, test and POC use, “VM sprawl,” and “shadow IT.”
- Vendor audits of software usage increasingly touch virtualized environments. One analyst group reports a recent increase among their clients in the number of vendor audits focused on applications running on VMs. Since major vendors such as Microsoft and Oracle will likely continue to increase revenue through license compliance, this trend will accelerate. As discussed in the white paper “Software License Audits: Myths, Facts, and Microsoft,” a thorough inventory will reduce license compliance risk before your vendors send true-up invoices. A baseline inventory of all installed software and related usage should include a special focus on virtualized applications. By then adding usage to the inventory process, you can identify compliance risk issues that can be easily remediated by reducing unused or little-used VM instances.
- The use of outsourced service providers. Contracts with outsourced service providers often don’t specify the responsibilities for managing software compliance in enough detail needed to reduce risk. If your organization expects service providers to manage software license compliance, you should review those contracts sooner and not later to ensure you understand and can mitigate risks. Check as well for whether or not you have the right to audit the outsourcer.
- Licenses that don’t cover common use cases, such as proof of concept or the test use of virtualized environments. Even as an organization is developing a business case for adopting or adding VMs, compliance risk can be incurred. If your contract does not specifically cover POCs or test usage, you may owe your vendor money even before adoption. Again, review your contracts, and if needed renegotiate to cover POC and testing needs.
“VM sprawl.” It is easy to incur license compliance overages via VM sprawl. This is partially due to the ease of setting up VMs and the apparent low initial cost. Adding to just the sheer number of VMs is that 37% of IT workers say they “are likely to look for a new job in the next year,” thus putting the knowledge of what’s running on some VMs at risk of being lost. That can leave organizations with potentially thousands of VM systems no one really understands. To mitigate this situation, you need IT asset management that enables understanding of not only the baseline configuration, but also how it’s changing and what applications are running on VMs.
- The impact of “shadow IT.” According to a report by Stratecast, “you can expect upwards of 35 percent of all SaaS apps in your [organization to be] purchased and used without [IT] oversight.” If this is true of SaaS, it likely extends to VMs, especially since these are not all LOB users—the same survey shows IT employees are more likely than LOB to adopt non-approved or non-policy-compliant apps. How will you know if you’re at risk? Much like the process for managing and monitoring “VM sprawl” risk, you need near-forensic precision in both discovery and in usage metering that can adapt to rapid changes in the environment.
New approaches to discovery, inventory, and usage on VMs can help mitigate the risks outlined above. One way to meet these challenges posed by virtualization is Asset Vision®. It provides integrated discovery and inventory, offers almost forensic-level usage analysis, and supports the modeling needed to fully prepare for and meet the complexity of software license optimization for virtualized environments. To see how Asset Vision can help your organization, contact us.
 “The Hidden Truth Behind Shadow IT: Six Trends Impacting Your Security Posture,” p 4, November 2013, Frost & Sullivan.
 Ibid, 4-5.