Online Services Help Simplify Software Inventory
At a Glance:
- Online services basics
- Setting up the inventory agent
- Getting inventory reports
Your CFO just e-mailed, asking you for a "small favor": he needs a complete inventory of all the computers in your organization, where they are located, and what software is installed on each
machine. By the end of the week. He needs this because (pick one or more):
- It's time to plan the budget for the upcoming year, and he wants to know how much to allocate for software licensing.
- He's received a notice of a software audit and now has to demonstrate that your organization has enough licenses of a certain product to be compliant.
- He's been asked by your CEO to reduce IT operations spending, and he's thinking that application standardization is one way to accomplish this.
So what do you do?
IT asset management has evolved over the past decade, and now organizations have shifted focus to the effective management of their software assets. This is primarily because software now represents a significantly larger financial investment than it once did, but there are also growing legal, security, and policy issues that need attention. The possibility of being found to be in a non-compliance situation and facing large true-up fees or fines has further stressed the need for accurate software asset management.
Larger organizations typically have resources and tools in place to manage software. These tools are often large-scale, multipurpose solutions that not only track hardware and software inventory but also manage software delivery to the desktop and monitor performance, along with other operational functions. Where does that leave organizations where such solutions are not viable or where resources and expertise to implement and manage such complex solutions are not available?
Meeting the needs of business both large and small is one of the driving influences behind the concept of software as a service (SaaS). The Microsoft "Software plus Services" strategy encompasses efforts to develop service-based solutions to assist customers in managing software assets effectively. One of the first of these services, Microsoft® Asset Inventory Service, is being released to Software Assurance customers as part of the Desktop Optimization Pack for Software Assurance later this year.
Asset Inventory Service (AIS), shown in Figure 1, provides an easy-to-deploy, easy-to-use hosted service for gathering information about the software installed on computers throughout your organization. You can access this information through browser-based reports, and there are plans for a future version of the service to also analyze the deployment of Microsoft volume license agreements.
Figure 1** Microsoft Asset Inventory Service **(Click the image for a larger view)
The Nature of Online Services
Why adopt an online solution? There are several compelling reasons including immediacy of availability of updates and new versions, ease of adoption, and reduced deployment and management costs.
Online services are dynamic: like a Web page, the content and functionality can be constantly updated by the service provider to enhance the user experience and provide current responses to changes in the technological landscape. This provides an unprecedented level of agility and allows software vendors to deliver up-to-the-minute features, solutions, and knowledge that enable administrators to be more proactive in managing their desktops.
Online services have the benefit of being ubiquitous. In today's IT environments, you find a mix of situations, ranging from fully networked PCs connecting to network resources directly, to remote users and branch offices accessing resources over the Internet from widespread locations. Throw in mobile users who rarely even connect to your network except over Web-based mail programs, and it becomes very difficult to achieve a complete inventory of your IT assets. This has historically been a major challenge for inventory tools, particularly on-premise solutions that won't provide support for remote/non-networked scenarios.
However, most if not all of your PCs have Internet connectivity, so you can use an online service to manage them without implementing special measures to ensure connectivity to in-house client-server solutions. Access to the service to perform the management functions is equally accessible via a secure Internet connection, so you can manage any PC on your managed account from anywhere the Internet is accessible.
Deployment is easy, and you need only create your account with the online system to get started. There are no servers to stand up in your environment and no new network infrastructure and new software platforms to invest in. This all means less administration and financial investment. Ongoing support is also easier, since the organization does not have to worry about maintaining an upgrade path because the service will more often than not include newer versions as part of the service agreement.
Using the Service
Fostering an Online Community
Asset Inventory Service and the System Center Online service are furthering the development of a strong community of users who could influence the evolution of online services. The software catalog is an excellent example of something that a user community could provide input on (in true wiki fashion), and the users of the service could provide suggestions, corrections, and guidance.
In the future, the catalog itself may also be a valuable source of information to end users when they are researching potential software purchases. Aggregate anonymous statistics can be collected from the entire service to determine adoption rates for software and hardware products, and will provide useful data to end users involved in these activities.
The community will also be the voice that guides the overall direction of the service by contributing feedback on what areas should be prioritized to meet specific business needs.
To deliver online desktop management services, Microsoft System Center Online is building out a platform that will not only support Asset Inventory Service in the short term but also future services. The service has been designed with security, scalability, and reliability in mind. AIS is a completely hosted solution, with all servers located at Microsoft datacenters. To deploy the solution, customers must install a small piece of software on each client PC they wish to include in their managed inventory.
Asset Inventory Service is managed by the same people who manage Microsoft.com. It is a multi-tenant Web application that uses Web services to ensure privacy and security of data on a per-customer basis, and uses a combination of client and Web applications to store customer data. Agents running on the customer site upload software inventory to a Microsoft IIS Web service. Mutually authenticated SSL protects the customer data, communication between the client and the service, and the AIS Web site, and the site uses SQL Server™ for storage.
Using Windows Live™ ID accounts for authentication, customers log in to the service to manage their accounts and view reports. The customer Web site also uses SSL to protect the customer data and SQL Server Reporting Services generate reports. The SQL Server databases are mirrored and the Web sites are load balanced for high availability. In addition, the inventory data is partitioned into scale units for high scalability.
You subscribe to Asset Inventory Service by purchasing Microsoft Desktop Optimization Pack licenses on your Microsoft Volume License agreement. You can then activate the Asset Inventory Service subscription from Microsoft Volume Licensing services site at licensing.microsoft.com. To successfully authenticate and log in to the AIS service, you must have a valid Windows Live ID.
During activation, the agreement administrator designates an Asset Inventory Service subscription administrator by specifying her Windows Live ID. The subscription administrator logs in to AIS with her Windows Live ID and finishes the activation process for AIS. She can then subsequently add other users to the service by specifying their Windows Live IDs.
The client installed on each PC is a small, easy-to-deploy agent that is packaged as a Windows® Installer (MSI). You can download the agent installer and manage client deployment from the online service. (Figure 2 shows the management and support interface.) The agent operates in a manner similar to the Windows Update agent in that it communicates with the System Center Online servers on a regular basis. This is to update its inventory profile based on a predefined frequency and to self-update if there is a newer version of the agent available.
Figure 2** Account management and client deployment **(Click the image for a larger view)
Inventory is scheduled to run automatically, and no user intervention is required. There is also an option to start a manual inventory if necessary. The first time an agent contacts the service, it uses public key infrastructure (PKI) certificate credentials to present the customer identity to the service and to generate a unique identity for the computer on which the agent is running. The agent itself, which only runs on a scheduled basis, is designed to be unobtrusive for the user, so it takes minimal resources and runs in the background. Uploaded data files are small so as not to cause network traffic spikes.
The inventory process itself is light and efficient. The agent scans registry entries, the MSI database, and other sources to obtain installation information, unlike traditional management systems that intrude on users' productivity by scanning and resolving all executables present on a machine. This process returns software inventory data using friendly names with metadata that assists in the identification and classification of items so they can be used in a broad set of software asset management activities.
Once inventory data is uploaded, it is put through an identification and cataloguing process that prepares it for display in reports. Inventory data is matched against a central software catalog, where it is categorized. This is one of the most important capabilities of the service: every customer's software inventory data contributes unique signatures to a central software catalog. A team of researchers at Microsoft reviews the non-private, unclassified software signatures and, using a structured taxonomy of software families and categories, classifies the applications they represent according to what the applications are and what they do. These categories aid in providing a higher level of intelligence to reporting by allowing users to quickly focus in on specific types of software they are interested in—for example, maybe you only want to see antivirus applications.
Software signatures also serve to consolidate the data being displayed in reports. For example, a publisher name may have a number of variations—one application may report the publisher name as Contoso Software, while another may report Contoso, which would display them as different in a report. By consolidating publisher and application names, the ability to accurately report by these criteria and present data in a meaningful way is enhanced.
Once the user has arrived at the desired dataset by applying filters and groupings, report contents can be exported in a variety of formats supported through the use of SQL Server Reporting Services, including CSV files, Microsoft Word documents, Microsoft Excel® spreadsheets, and PDF files (see Figure 3). This allows you to perform additional external analysis and manipulation, or can serve as an input to other enterprise management systems.
Figure 3** Reporting inventory results **(Click the image for a larger view)
An upcoming feature in the service will enhance the way Microsoft licenses are handled, making the process much easier for users. Users will be able to upload their volume license agreement pairs, which will then be used to retrieve their license position information from the Microsoft Customer License Position Repository. This license entitlement data will then populate a statement that summarizes all licensable Microsoft software that was found to be installed and the corresponding license quantities.
Using the Product Identifier that is also collected during inventory, the installed software can be further broken out by channel: Volume License, Retail, and OEM. This feature is planned for release in the next version of Asset Inventory Service.
Asset Inventory Service is the initial offering from System Center Online, but by no means will it be the last. As mentioned earlier, System Center Online has the long-term objective of providing total desktop management services, to be completely available as an online service.
Some of the potential offerings under consideration include IT asset management for hardware and software inventory and tracking, software update and distribution providing functionality similar to Windows Software Update Services from the Internet, and online/on-premise hybrid services. A number of other desktop management services are also being investigated to see if they would work in this type of scenario.
To learn more about Microsoft Asset Inventory Service, take a look at microsoft.com/windows/products/windowsvista/enterprise/ais.mspx.
Paul Bourgeau a Program Manager in the System Center Online team, joined Microsoft with the acquisition of Assetmetrix.
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.