top curve
Oracle licensing consultants

Microsoft Earnings – Much Improvement, Thanks to Nokia

Oct 24 2014: Published by under Microsoft

Microsoft is having a good first fiscal quarter, with an increase in sales by 25%, much in part due to the recent purchase of Nokia. The company is definitely showing signs of progress, but still has some strides to make in the mobile business.

Read more about their earnings report here.

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Microsoft Audits – What is worth fighting for?

Oct 23 2014: Published by under Microsoft Audit,software asset management,Software audit

Most common questions we get during a Microsoft Audit:

  • What are the primary points to negotiate with the supplier or their agent when an audit notice is received?
  • What are the points to fight for?
  • What are the points that are most important?

There are many, many moving parts involved in a Microsoft audit because of the many and varied products, license metrics, volume license programs, and Software Assurance considerations. 

There is a central set of principles in responding to audits that have been blogged about and spoken about and presented about from many software asset management professionals. They involve communication protocols, date of delivery, settlement, negotiation, et cetera, and these are well known; but to these, we can add or perhaps maybe just reemphasize some other points.

Ensure that the audit scope is explicit and written. The auditor will prefer to dictate schedules and priorities and it’s important that you, as a representative of the organization, control that process.

Scrutinize the findings. Understand that the findings, especially the initial findings, are going to require some adjustment and warn your teams not to take any action based on the initial findings.

Data from automated tools is only as good as the interpretation. The audit scripts and SAM tools gather the deployment information. The Microsoft license statement details the entitlements and the comparison between them is not simple arithmetic. There is a big chasm that exists between these two data points and it needs to be accurately and very effectively navigated.

Buyer Beware. Another point to mention is that your reseller (now referred to as a License Solutions Provider or “LSP”) may offer this service for free, but be aware that there is an incentive for them to complete a licensing transaction.



mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

IBM audits: complicated and getting nasty

Oct 22 2014: Published by under Compliance,IBM,IT Asset Management,Software audit

IBM audits are never welcome, but they are increasingly becoming part of the norm. Why? IBM has targeted software to comprise 50% of its total revenue by 2015– this growth is not from SoftLayer or Watson’s cognitive computing alone.

In the past, long-time IBM customers who have been audited felt that they did well even if they needed to true-up. Things have changed. The settlement process has taken on an adversarial tone with repeated threats of theft of intellectual property, rather than a civil discussion regarding usage and a straightforward cost for over deployed licenses plus two years back support.

IBM insists it could ask for a settlement in excess of current usage if its licensing measurement tool is not in use, and then applies some shady methodology called ‘sharing the burden’. However it’s presented, the settlement amount is in excess of a straight true-up and may include a new license purchase unrelated to the client’s current usage but bundled as part of the settlement. The client is prevented from settling without the new license purchase which by itself could financially exceed the true-up license cost multiple times over.

It may be a company will not be subjected to this new audit method. Or, a company could be a fully compliant IBM customer that runs ILMT or a Tivoli tool, looks at the reports for accuracy, and if a purchase was necessary will make the purchase. If a company is IBM loyal, perhaps there is a deeper understanding of IBM’s licensing language. With all that said, in today’s enterprise, with the vastness of IBM products and its aggressive auditing techniques, it’s not impossible to remain compliant, just complicated.

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Microsoft’s New Volume Agreement Isn’t As Short And Simple As Advertised

Oct 15 2014: Published by under Microsoft,Microsoft Enterprise Agreements,Microsoft Licensing Compliance,Microsoft Licensing Tip,Microsoft: News You Can Use,Uncategorized

Microsoft debuted a new volume licensing agreement earlier this year – Microsoft Products and Services Agreement (MPSA). Tim Hedegus of Miro was asked by CRN Magazine to shed some light on this new agreement and debate whether its really as simple as Microsoft claims. If you are interested in finding out more about this topic, you can read his comments here. 

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Microsoft licensing lessons learned – Mobility, BYOD and Desktop Virtualization?

Oct 14 2014: Published by under BYOD,Microsoft,Microsoft Enterprise Agreements,Microsoft Licensing Compliance,Microsoft Licensing Tip,Microsoft Software Assurance,Virtualization

Neither BYOD and/or desktop virtualization are inherently bad. If the funding is there for the correct licensing and the benefits of improved security and device and account management are realized, these approaches can be quite favorable to you.

Server virtualization is the generally accepted standard, the dominant model if you will. Today’s servers are far too massive, far too dense for single applications and perhaps more importantly, far too massive and dense for licensing.

Microsoft has moved towards its Core processor and Core licensing constructs for some of its products and the cost of licensing many of these very large servers is too cost prohibitive. Licensing just a few servers is not only more economical from a licensing perspective but also from a desire to maximally leverage the computing capability.

One of the best ways to do that is through virtualization and we have truly seen some sophisticated workload balancing schemes. In terms of Microsoft licensing on the desktop side especially, there seems to be a lot of confusion. Questions like: Is Software Assurance required? Or do we need other licensing like VDA or RDS? Or can employees use their own devices? The answer to all those questions is maybe. This may be the reason, in addition to cost, that desktop virtualization hasn’t quite hit its stride yet. In fact, some bloggers who have predicted its demise in favor of a migration to cloud and to Software as a Service models.

We know there are significant factors in play involving licensing a virtualized environment. These are based on architecture and license mobility among other things and we see companies struggling with achieving and maintaining the defensible license position as they try and interpret these licensing rules. We’ve also learned that BYOD and desktop virtualization can be more expensive than originally thought. We think that this stems from understanding the myriad rules around CAL licenses, VDA, subscription licenses, and Software Assurance benefits.


mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Get Ready for (Another) Microsoft Audit

Oct 10 2014: Published by under Uncategorized

Nearly 60 percent of executives report having been audited by Microsoft in the last 12 months. The lesson: If you haven’t been audited by Microsoft recently, you likely will be soon. Tim Hegedus, resident Microsoft expert at Miro, recently published an article on Enterprise Apps Today regarding Microsoft audits – common triggers, navigating the process and prevention.

You can check out the complete article here.

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Managing Microsoft Inventory When Enterprise Edition Expires

Oct 10 2014: Published by under Microsoft Enterprise Agreements,Microsoft Licensing Compliance,Microsoft Licensing Tip

As your Microsoft Enterprise Agreement is set to expire, there’s a great deal to consider with your renewal options.


Some considerations when determining the next, best course of action:

  • current entitlements
  • expansion and consolidation
  • dynamics of the environment (e.g. remote users and access devices)
  • the company’s roadmap versus Microsoft’s roadmap
  • current license position
  • spending target

Every organization is unique and there is no clear cut answer to what is best. The products, the quantity, the license programs, the current state, the look forward, are all unique in every situation.

It can be impossibly complex to navigate this renewal process unless you understand a vendor’s specific licensing rules – in this case Microsoft – and can customize approaches that are most favorable to your organization. 

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Ethical Hackers Find Oracle Vulnerability

Sep 30 2014: Published by under Database security,Risk,Security Assessments,Security Risk

Data security is always an issue, especially as more and more of our lives exist online.

CNN recently interviewed two hackers Bryan Seely and Ben Caudill, who discovered an unsettling security hole, uncovering intimate details like children’s school records, including detailed bus route information; arrest and prosecution information from a major Midwestern city; and the real names and numbers of intelligence agents visiting a major American port.

Seely and Caudill “ethical hackers.” Seely and Caudill – along with Rhino Security Labs’ lead researcher Dana Taylor – found that a weakness software giant Oracle discovered in 2012 – and provided a fix for – remains a huge vulnerability to any customer that missed or ignored the fix.

Oracle issued a response to the issue:
“We identified this issue two years ago. It was not a product coding defect allowing hackers to bypass security mechanisms. Instead, the product included a configuration setting allowing customers to disable security checks. Oracle identified that customers were leaving this setting open and immediately issued a patch that made the default setting for customers secure. This patch was issued as part of our regularly scheduled Critical Patch Update customers know to apply every quarter. Oracle notified all of our customers directly that they should apply patch. This process is commonplace in the industry,” said Oracle spokesperson Deborah Hellinger.

What’s the moral of the story here? You can’t wait for your software provider to contact YOU about these things – you need to be on top of security updates/fixes/patches, etc. so that your organization is not vulnerable. Being proactive versus reactive will allow you to come out on top!

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Guest Blog: Paul Vallee, Pythian on Bash

Sep 29 2014: Published by under Miro News

A new vulnerability in a utility called “Bash”, a commonly-installed command execution shell, was discovered yesterday. This vulnerability has been termed “SHELLSHOCK” by the media. Pythian’s systems were patched overnight and are no longer vulnerable.

This vulnerability only affects Linux systems, so if you are not running Linux on your data center servers this vulnerability does not apply to you.

What is Bash?
Bash is a “shell”—a basic component that enables interaction between a human and an operating system, in this case Linux. It is responsible for running all common commands such as directory listings, moving, or copying files, etc.
What is the vulnerability in Bash?
The vulnerability allows someone to run any arbitrary code on an affected machine. If this was only due to human interaction, we can assume the user will be logged in and already have permissions to run that code, so what is the big deal? The issue arises because Bash is commonly called by lots of other code as part of their execution that may not necessarily be a human logged in. For instance, certain web servers call bash, so anybody who has access to your web pages could “inject” and run unauthorized code on your servers to take them over, serve malicious code, or even steal confidential data. More information is available here: CVE-2014-6271.
What should you do?
Patches are available from all major Linux vendors such as Redhat, Debian and Oracle for their versions of Linux. Most Web Application Firewalls (WAFs) have been updated to guard against this exploit.

Notice to clients who use Amazon/AWS

Amazon is going to be proactively rebooting ALL AWS instances between September 26, 2014, at 2:00 UTC/GMT (September 25, 2014, at 7:00 PM PDT) and September 30, 2014, at 23:59 UTC/GMT (September 30, 2014, at 4:59 PM PDT). They have not stated what ‘bug’ they are fixing at this point and do not intend to do so until all of the reboots have been completed. This is a very large scale effort, and one Amazon has decided is necessary due to the severity of the bug.

Reports indicate all instances will be affected with the the exception of T1, T2, M2, R3, and HS1 instance types are not affected.

For more information see below, and also notices should be visible within your AWS Console

• If you are a Pythian client, please contact your team lead immediately to co-ordinate patching your systems.
• If you are not a Pythian client: Pythian offers a rapid response team that can rectify these sorts of situations and can help harden your systems to prevent exploits. To engage Pythian, please email

Paul Vallee, CEO – Pythian

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Oracle Board Appoints Larry Ellison Executive Chairman and CTO

Sep 20 2014: Published by under Oracle: News You Can Use

Well, its official! The Oracle Board of Directors elected Larry Ellison to Executive Chairman of the Board and appointed him the company’s CTO. Jeff Henley, who has served as Oracle’s Chairman for the last 10 years, was appointed Oracle’s Vice Chairman of the Board.

Both Safra Catz and Mark Hurd were named CEO. So, in a nutshell, Safra and Mark will now report to the Oracle Board rather than to Ellison.

Ellison has made it clear he doesn’t quite want out, but he has no interest in being CEO. This will be interesting to see the routes he takes and where his focus will land as CTO!

mini technorati logo Bookmark with Technorati
AddThis Social Bookmark Button AddThis Feed Button

Next »

bottom curve