Microsoft User CAL Price increases – useful FAQs

I have seen several articles about the recent price increases, but unfortunately none of them answered my burning questions, such as whether or not Microsoft would still allow a one time swap between device and user CALs that are under subscription.

However I have stumbled across a set of FAQs from COMSoft Direct which provided the most comprehensive set of answers to my queries yet.

CAL Update FAQ

By the way, I have recently been to Brazil… saw some amazing wildlife, including two courting jaguars!

I enjoyed this…

Where has she been?

I have to apologise for not making regular contributions to this blog over the last few months.

The main reason is because I have now been writing for the ITAM Review on a more regular basis.

To read my work there, please follow this link:

I will try and keep up this blog, but it is likely to be on a sporadic basis as I am pretty busy in real life!

Tiered SAM Review Part II

Below is the second part of my detailed review of the proposed Tiered SAM version of ISO 19770.

Hardware asset management…

The draft references hardware asset management but only in the context of how hardware asset management is useful for SAM. There is an internal contradiction in that it makes the claim that for all practical purposes software asset management and hardware asset management are synonymous because it is impossible to manage SAM without managing the hardware… however it then goes on to explicitly exclude from scope all hardware asset management that does not affect SAM… thus the draft makes the rather large assumption that hardware asset management for everything else isn’t necessary or important.

If your focus is license compliance, that may be true, but if your focus is to maximise the ROI of all your IT Assets it is most certainly not true.

So SAM is not synonymous for ITAM… I have no problem with the ISO being just about SAM, but I do wish it didn’t imply that it also covers all aspects of Hardware Asset Management because it doesn’t!

Alignment to ITSM Maturity levels…

One of the benefits of a tiered approach to SAM that is not explicitly referenced in the document is that it will allow organisations to achieve a recognised level of maturity even if the maturity of their IT organisation will not allow them to achieve one of the higher teirs.  It would be helpful if the current tiers for the lifecycle process interfaces were cross-referenced against the likely maturity path for organisations as at the moment some of them don’t make sense.

For example, incident management is considered a Tier 4 process while software deployment is considered a Tier 3 process. However even the most immature organisations have fairly robust incident and request management processes in place – they have to, otherwise they would all get sacked!! Both of these are surely Tier 2 processes?

This also applies for change management – it is generally one of the first service management processes organisations implement because it has such a dramatic impact on service provision. In addition, I would argue it is one of the most important SAM  processes – without it you have very little control over the detail of server licenses (moving a service from a physical to a virtual server can have a dramatic impact on licensing, for instance) so it must be a Tier 2 or even Tier 1 process.

On the other hand, the problem management process is listed as a Tier 3 process. But very few organisations do problem management effectively, and to prevent an organisation from gaining Tier 3 because they do not have mature problem management in place seems unreasonable.

Risk management….

There is no mention of the important role risk management should play in determining priorities for SAM and acting as a driver for continual improvement. The need for regular risk assessments is identified, along with the major categories of risk that sub-standard software asset management creates for organisations, but there is no sense of how the risk assessments should determine priorities or that they should be used to identify opportunities for improving SAM through out its lifecycle.

Just a reminder that the revised standard will be available for review until the end of March, so there is still time to take a look at it and review it yourself if you are interested.

Tiered SAM – review of Draft ISO 19770-1

I thought I would take the opportunity to review the Draft ISO 19770-1 – Tiered SAM proposals in a little more detail. I like most of the changes in the draft, but feel that a few opportunities were missed.


The new version now explicitly recognises that SAM can be restricted in scope, both in terms of the organisation carrying out SAM (it doesn’t need to be the whole organisation), and also which applications / products are controlled. This is a very welcome change, particularly for UK businesses who have been steeped in the FAST myth that it is necessary to identify every last piece of software on every single machine in the entire organisation in order to do SAM.

The tiered approach makes a lot of sense and will help organisations prioritise activities so that they get the ‘biggest bang for their buck’. The available of certification will help organisations understand where they are in their journey and help keep them motivated to continue to improve their SAM.

Mapping to industry standards

I particularly like the fact that Annex C maps the Standard to existing industry standards, in particular COBiT. This goes some way to rectify the lamentable habit SAM has of viewing itself in isolation from the rest of the organisation within which it operates. A similar map to ITIL may be helpful, although as one of ITIL’s shortcomings has always been its woolliness around ITAM, it may not be practical!

The mapping to the IAITAM and Japanese SAMCon best practice is a little more controversial. I wonder if this is really needed and whether it gives undue weight to these organisations. Having said that, IAITAM is at least genuinely independent (as opposed to the software industry sponsored BSA and FAST IiS) and does aspire to be the global professional body for IT Asset Managers.

As one of the aims of the changes is to introduce a certification / conformance assessment process for SAM, Annex C will be beneficial for organisations who are implementing SAM using the SAMCon or IAITAM methodology, although it somehow doesn’t seem fair to organisations who have followed a different implementation route eg FAST or the Microsoft SAM programme. Having said that, it is quite likely that both these organisations will follow the BSA in aligning themselves to the standard, so this is really just a minor quibble.

SAM is a service….

There is more of a sense that SAM is a service provided to the business rather than being a project that must be implemented and then your journey is over. This is where a more IT Service Management oriented structure may have been helpful – thinking of SAM as having its own lifecycle, starting with strategy development, planning, implementing it, operating it and improving it. Although each of these elements are covered within the ISO, there is a failure to place them within the broad context of IT service management. This is a pity because it just increases the isolation of the discipline from the organisation within which its day to day activities are conducted and without which there is no point to doing SAM.

This post is getting rather long – I’ll continue with Part II of my review next time I post.

ISO 19770-1 Tiered SAM Review

I have just spent a couple of hours of my Saturday afternoon reading the draft ISO 19770-1 Tiered SAM Review document and completing the accompanying on-line questionnaire.

This is a clear demonstration of both a) what a true geekette I am and b) how little is happening in my personal life at the moment!

If you are as geeky as me and wish to review the proposed document and complete the questionnaire, please feel free to go to the ISO 19770 website and download the document from one of the links on the page. The link to the online questionnaire is in the document itself.

The document is available for review until 1 March 2011.

The proposed changes to the ISO  19970-1 were drafted in response to an end user questionnaire carried out in 2007 which found that the existing standard was too much of a mouthful for most organisations, that license compliance wasn’t given a high enough priority and that people wanted more guidance about implementing SAM.

The changes proposed for the ISO support these goals by splitting the ISO into 4 Tiers which build on each other, and by including the processes crucial for license compliance in the first tier.

The final goal – additional guidance for implementing SAM – is fulfilled by the addition of Annex C and E to the ISO. Annex C maps the sections of the ISO to several different other industry standards (IAITAM best practice, COBiT and Japanese SAM Consortium best practice), while Annex E outlines various maturity models in existence for SAM.

The accompanying on-line survey asks users to assess whether the proposals meet the objectives and whether the annexes outlined above are an appropriate addition to the Standard.

The existence of an ISO standard for SAM provides an important theoretical framework for SAM, as well as providing credibility for Software Asset Managers struggling to build the business case for improving SAM in their organisations. The proposed tiered structure aims to make SAM more achievable for all organisations, so I would encourage everyone with an interest or experience in SAM to take a look at the draft and provide feedback as to whether it achieves its aim… even if you aren’t as geeky as I am, it will hopefully be a worthwhile use of your time.


I attended the ITIL Foundation V2 – V3 bridge course today… time will tell if I passed the exam, although I already know I got one answer wrong! Not a great start.

But it did make me realise what a missed opportunity the upgrade from V2 to V3 was for SAM, particularly in the UK. Although in theory OGC’s Guide to Software Asset Management publication was also updated from V2 to V3, the changes only affected one chapter and the rest of the book was unchanged.

This is a pity. SAM as a “service” provided within an organisation slots in very well with the concept of a Service Lifecycle, which is the major difference between V2 and V3. The Guide to Software Asset Management, and indeed the two ISEB courses and the ISO19770 which are all based upon it, see SAM as a project to be implemented rather than a service that needs a strategy, should be formally designed, should be transitioned to in a controlled manner, should be operated as an ongoing activity, and constantly improved.

To me, although I am a self-confessed IT Geekette whose early career was steeped in ITIL, this is a much more intuitive way of thinking about SAM than the existing Guide. It also allows for the fact that very few organisations are starting with a blank slate so the idea that “SAM” is a product, best implemented by a project, is of limited use to most SAM Managers today.

These days, most SAM Managers are desperately trying to maintain day to day operations (make license decisions and provide advice, capture deployments, purchase licenses, receive them, process entitlement etc), possibly juggling vendor audits as well, with limited resources, limited mandate and limited project management skills.

What most SAM managers do have the resources, mandate and skills to do is improve existing processes by thinking about the big picture, analysing and prioritising what is achievable, figuring out how to tweak processes, people, tools and partners to get there, actually getting people to accept the changes and start doing them every day. They can then start thinking about the next round of improvements they’d like to implement!

Basically, the Service Lifecycle is what most asset managers are already doing in a non-formalised way, and it’s a real pity the OGC only did a cosmetic job on the V3 update.

Welcome back!

It’s strange saying welcome back to yourself… but the last few months have been pretty busy. I spent a busy month in Australia travelling around Queensland, Victoria and New South Wales, visiting lots of family and friends and meeting my 4 month old nephew. It was fun, but immediately after I got back Christmas was suddenly in full swing! As you can see, it was a very stressful trip!

I did my best not to think too much about SAM while I was in Australia and then again over Christmas, but I did come across this article in the economist last week. In particular, it was interesting to see how the cloud can be divided into three different types of cloud services.

Process Orientation

It has been commented of me many times that I am ‘very process oriented’. My suspicion is this tends not to be a compliment!

So I was delighted to read in a recent blog post that the IT Skeptic shares my pro-process bias.

What is needed is a process and a team to understand and use that data in a polished practiced way to answer real-time questions about service impact from incidents and changes… The rest of the world needs to … pay attention to improving behaviours (e.g. writing things down, being accountable for changes), optimising process (getting slick at working out the impact implications), and refining simpler tools (e.g. ad-hoc correlating of data across sources)

I am relieved to see I am in very good process-oriented company!

ISEB SAM Essentials and Practitioner Qualifications

Firstly I’m sorry it’s been so long since I posted. I have been incredibly busy over the last few months, and will be just as busy between now and the new year, so the lack of posts is likely to continue for a good few months yet!

However, I have recently gained the ISEB SAM Essentials and SAM Practitioner Qualifications and I thought I would write a short review of the course book, the ITIL V3 Guide to Software Asset Management,as well as a review of both courses.

Taken together, the SAM Essentials and SAM Practitioner courses are an excellent foundation for Software Asset Management and are probably the best choice for SAM professionals wishing to seek a qualification in the UK, particularly if they are like me and not particularly good at ‘distance learning’. If you’re better at distance learning than I am, or can to travel to the US to attend a course, the IAITAM series of courses may be of interest. The BSA has recently announced a series of SAM Courses – SAM Advantage, but given their origin it must be suspected that their focus will be very much on license management rather than true Software Asset Management, a suspicion which is confirmed by looking at the sample SAM Policy and SAM Memo on the BSA Website!

Guide To Software Asset Management

The course book for both courses is ITIL V3 Guide to Software Asset Management. The book was recently updated to ensure its first chapter is aligned to the latest iteration of ITIL, however the balance of the text is the same as the original guide, published in September 2003 (!). Although the book is really showing its age, with barely any mention of the internet, let alone virtualisation, cloud computing, or mobile device applications, it is still adequate for the job of teaching Software Asset Management. Unfortunately, there is also nothing in the book about SAM maturity models or how to conduct a SAM maturity assessment, which I suspect is another symptom of its age.

Although the book is an official ITIL publication, some of the terminology isn’t consistent with ITIL, and there is never any real explanation of the link between configuration management and SAM. However, to be fair, my experience is that ITIL itself is unclear on the relationship between asset management and configuration management, so to be expecting otherwise is a bit unrealistic!

Even though it pre-dates to ISO 19770 standard by several years, the common ITIL background of both means that the alignment between the two is more than adequate to allow this book to support efforts at implementing SAM in alignment with the ISO standard in an organisation.

SAM Essentials

The SAM Essentials course is held over three days, with a 1 hour multiple choice exam at the end, which if passed will grant the SAM Essentials qualification. I personally found the course excellent – it codified and structured my existing knowledge, while providing plenty of scope for discussion of more detailed areas of SAM than were covered by the course.

I would definitely recommend this course for both experienced software asset managers and those who have been thrown in at the deep end and are struggling to get their heads around what it is all about.

SAM Practitioner

The SAM Practitioner course is held over 5 days with a 3 hour written exam on the final day. The SAM Essentials course is a pre-requisite for attending the SAM Practitioner course and sitting the exam.

The material covered is essentially the same as that for the SAM Essentials course, although the practitioner course extends students’ knowledge by teaching the basics of writing a project business case, writing SAM policies, and doing a risk analysis. All good stuff.

However, the course is unashamedly focused on the establishment and implementation of SAM as a project, and I’m not really sure why. Implementing SAM as a project may be the ideal, but it is just that – an ideal. The majority of Software Asset Managers operate in an environment where SAM of some sort is carried out, and where more often than not the task is to understand the relative strengths and weaknesses of SAM in the organisation so that an effective remediation programme can be put in place.

The course also tends to assume that SAM is (or should be) a high priority for organisations. Unfortunately, this is just a pipe dream – as I have explained in a previous post - and it was an aspect of the course I found quite frustrating. In reality, the fact that SAM is generally quite a low priority for organisations reinforces the importance of building a business case for SAM, but there is nothing in the course to help students model and assess the maturity levels of different aspects of SAM in their organisation so they can target their business justification efforts more effectively.

I have off-handedly offered ISEB my services in re-writing the course – I doubt they will take me up on the offer, but it would be fun!

The Exam

The exam is a 3 hour written paper. Sadly, I failed it first time around and had to resit. Unfortunately the course does NOT prepare students well for the exam, as there is no guidance on how to answer scenario-based questions and the sample answers to the mock exam are skeletal. I feel very strongly that as it stands, passing or failing this exam is a matter of luck, and I urge ISEB to provide better sample answers for the mock exam and ensure that training providers are required to provide a session on answering scenario based questions.

For the resit, I made time to research answering scenario based exam questions. This boosted my achievement between the two exams by 12 marks, the difference between a narrow fail and a very respectable pass. For those of you who may be planning to sit the exam, the David Chevin’s Scenario Based Questions slide deck was extremely helpful, as was this uncredited document on the Chartered Secretaries Southern Africa website.

I would recommend the SAM Practitioners course for those who want help with the implementation of SAM in their organisations. The practical aspects of the course – creating a business case, writing SAM policies and doing risk assessments – will be very helpful for those who have been asked to become SAM leaders for their organisations, although the course would benefit from the addition of a basic SAM maturity model and an understanding of how to assess the maturity of different aspects of SAM so that activity can be prioritised.

However those who already have experience and skills at a strategic level in other disciplines won’t get as much out of the course as those who may find they need to do a business justification for the first time. Middle managers and those with project management experience will probably find that the SAM Essentials provides them with sufficient basic knowledge to implement and / or improve SAM in their organisations.

If you want or need to do the Practitioner exam because you need the qualification, beware that preparation for the exam in the course as it stands is very poor and take advantage of the two resources I have provided above to try and get you through the exam first time! Good luck!