RSS

Tag Archives: Octopus Cloud

SPLA Audits: Survival Guide

19 Sep
SPLA Audits: Survival Guide

Here’s an example of an unsuccessful audit and what this Company could have done differently. True story. Don’t waste a failure. 

Customer A

Background

The Company reports roughly 75,000 USD a month in SPLA revenue. At one point, it was almost double that amount, but over the years, they moved workloads away from SPLA and into Azure. Although their SPLA has decreased, their CSP spend has increased significantly.

Five years ago, Company A went through an audit. They owed a small amount of money but were not nearly as large as now. Most of their growth has come by the way of acquisitions. Last year, Company A received another audit notification.   They were not as worried about the audit because they expected the same outcome as the previous one. 

The Process

The CEO received an audit notification specifying the audit process. A kick-off meeting would outline the requirements and what information they (auditors) would need to complete the project. This was conducted by a third-party audit firm, not Microsoft directly. Once the kick-off meeting was completed, they would move on to the data collection phase. They ran a scan of their entire infrastructure using the MAP tool and produced a raw data report. Once received, the auditors will compare Company A’s past usage reports and what was discovered during the audit. Whatever the delta is, ultimately, is what they would owe. 

The Outcome

This process was completely different than the original audit several years ago. Company A worked directly with Microsoft, not an audit firm. It was easier and completed on time. This new audit took a long time to complete. More assets (Servers/VMs) to uncover resulted in a longer time to perform the analysis. The longer it dragged out, the more uncomfortable senior management became. The Board wanted to move past this audit quickly to budget for the upcoming fiscal year. The auditors obliged; they didn’t want to spend too much time on the audit either. So, the auditors delivered a settlement letter with the total amount owed. The CEO was shocked. They initially thought they might owe about a month’s worth of licensing, but they owe well into seven figures. Completely unbudgeted, heads were going to roll. They pleaded with Microsoft, but the only option was to inquire about financing. Company A settled at the direction of their Board. Audit complete.

What did Company A do right?

They were responsive to the auditor’s request. I think this is a good thing. You shouldn’t ignore them, and your response is always appreciated.

What did Company A do wrong?

Everything outside of being responsive. Here’s what they should have done differently.

They have worked on their timeline, not the auditors. Company A should have taken a deep breath to respond but not rushed into something they were unprepared for. They knew their licensing wasn’t 100% accurate. They should have performed their risk assessment to understand their exposure.

Hired a consultant such as SPLA Man. You need to interpret and translate the data into a SPLA licensing report. This is also a great way to identify software you may have installed but never turned off or removed access. It’s good to get this information before the kick-off call.

They barely negotiated. The best Company A came up with is financing. When you negotiate with a major publisher, they must keep the conversation sales-oriented. When you don’t, it becomes very black and white. The product terms are the product terms, and you can’t change them. But leverage what you do have. In this example, Company A has a lot of CSP spend, leverage that. They also moved workloads to Azure. Guess what’s a top priority at Microsoft? Yes, Azure. 

They need a go-forward strategy. Maybe find a tool such as Octopus. Cloud to help manage installations more efficiently. Find your risk before it becomes a risk.

The key thing to remember is not only did Company A have to spend seven figures on an audit, but it also tells me they are not charging their customers accurately either. That’s the more significant issue, in my opinion.

So there you have it. What am I missing? Have a question? Going through an audit? Email info@splaicensing.com, and we can help.

Thanks for reading,

SPLA Man

 
1 Comment

Posted by on September 19, 2023 in Uncategorized

 

Tags: , , , , , , , , , , , , ,

Interview with John and SPLA Man

18 Sep
Interview with John and SPLA Man

I asked a hoster (large provider who wants to remain anonymous but used John as a alias) about all the changes at Microsoft and beyond. Here’s the reduced version of the transcript. I will post the video later.

Interview Q & A on everything hosting. Audits, CSP, Flexible Virtualization, More Audits 🙂

SPLA Man: Thank you, John for joining us today to talk about SPLA. Let’s start off on your background. You were a software engineer focusing on software development for a small ISV back in the early 2000’s If I understand this correctly. How in the world did you end up getting mixed up with SPLA? (Laughs)

John: (laughs) I do not know. When I graduated from Georgia Tech, I went to work for small firm in Atlanta, Georgia. We were building a financial application specifically for the banking industry. It was a massive undertaking but also took up A LOT of processing power to install it, on premise. We decided to host it from a datacenter we partnered with locally to provide it more or less like software as a service. When we did that, we didn’t really consider the licensing.

SPLA Man: In walks SPLA (chuckles)

John: Exactly. I still remember getting an email from Microsoft asking us about our product. Ironically, I was actually thinking they were going to partner with us but it turned out to be an audit inquiry.

SPLA Man: Oh no! How did they know what you were doing?

John: I asked them the same question, they found a marketing brochure we posted on our website that talked about hosting the application to customers. I guess they could see we didn’t have a SPLA Agreement.

SPLA Man: Ok. Before we go further, let’s take a step back, we will go through the audit, I am sure the audience will appreciate the feedback there. But going back to your career. You started off working for a small, I guess for no lack of a better word, ISV. How long did you work there?

John: I was there for a few years and it was eventually acquired by another software developer firm. I ended up resigning and going back to school to get my MBA. Once I graduated with my MBA, I went to work for a large datacenter, an infrastructure provider here locally as head of product development and datacenter management. I still work there today 15 years later. (Laughs)

SPLA Man: And I assume they had or have a SPLA agreement?

John: Yeah, that’s where I drew the short straw and took over managing SPLA. Reporting to our distributor and working with Microsoft and our customers.

SPLA Man: What year was this when you graduated and started managing SPLA?

John: I graduated in 2008, so right around then is when I took over the licensing along with other responsibilities.

SPLA Man I was going to ask, what portion of your day do you spend on licensing related inquiries and what was spent on your leadership responsibilities or whatever you were originally hired to do?

John: (Laughs) I actually spent more time on licensing. Back then it was so confusing, it still is I suppose. There’s very few people who knew SPLA, that’s actually how I found you. I thought SPLA Man was nuts.

SPLA Man He is. (Laughs) But going back to your career, as a developer, was licensing ever a consideration? I always used to say, figure out the licensing first and then build the solution. But now with all the options it is the opposite.

John: I think, well, to answer your question, no. I never considered licensing. I knew licensing, actually let me rephrase, I heard of licensing, but I was hired to build applications. Licensing I always thought was something we would just document in our own terms and conditions or we would be informed by Microsoft.

SPLA Man: You mentioned you worked with Microsoft. How was that relationship?

John: My first job as a developer we didn’t work with them much. Later on with my current company, it was good. We would go to Seattle for their hosting conferences, I had a Microsoft rep who worked with us at the partner level. Any licensing questions we were told had to go through our reseller. It is still like that today.

SPLA Man: You still work with Microsoft or you have to get licensing advice from your reseller?

John: I only work with Microsoft for CSP. Licensing, I turn to you. (Laughs)

SPLA Man: Very nice. Alright, let’s go back to the audit.

John: (Laughs) Do we have to?

SPLA Man: Well, we don’t but I’m curious on your experience.

John: Alright. Well we were actually audited twice. Originally back, in I guess, 2006 or so we were audited because we were not using SPLA at all. We just bought the licenses outright from the direction of our distributor.

SPLA Man: Oh man. Were you mad with the distributor?

John: Nah. It wasn’t their fault. They weren’t even authorized for SPLA to begin with. I blamed our Microsoft rep. That didn’t really help.

SPLA Man : What was your experience like?

John: The first audit wasn’t bad. It’s not like our environment was huge, we owed money but we used the delta between what we purchased and what we owed by SPLA. The good news back then was that we were audited by Microsoft directly. In our second audit with my current company we were audited by KPMG.

SPLA Man: Couldn’t you argue for self-hosted in your first audit?

John: That information would have been helpful, SPLA Man. Just kidding. Well, self-hosted I am not even sure was around back then and we didn’t have software assurance. If we knew SPLA, it actually would have benefited us. Pay as you go fits well.

SPLA Man: So you were audited with your new company. Was the experience different?

John: Big time. We’re a much larger environment, thousands of VMs. It was a mess.

SPLA Man: How did you do your reporting?

John: So here I do blame our distributor a little bit. We used a script to track installments. We would then report to our distributor monthly. They did not have an online platform to submit it so we did it manually via a spreadsheet. It was never processed on their end and I believe that triggered the audit initially.

SPLA Man: Maybe. I think it is more based on revenue but if you do not report no matter who is at fault, Microsoft or any publisher will know. The thing with audits especially using an audit firm, Microsoft is going to want a return on their investment. Small datacenters get ignored in audits but won’t get audited because the return isn’t there. I’m guessing thats why you were not audited by KPMG in your first audit.

John:  You are probably right. 

SPLA Man:  So you were doing things manually, more or less. What was the audit process like?

John:  I didn’t work with Microsoft that much, mostly the auditor. And I get it; they are just doing their jobs, but it wasn’t fun. 

SPLA Man:  Can you explain? 

John:  You didn’t think this would be fun, did you SPLA Man? I’m kidding. It was really the time and effort. As we said, we were doing things manually. We didn’t have a process. So when the auditors asked us for information, we used their tooling system and sent all the data back to them. We thought, here’s our reporting, it’s all there. Which, in hindsight, was a mistake.

SPLA Man:  Oh wow. You sent them just the raw report of all installations?

John:  Yes, we wanted to finish this and move on. So we thought, “Here, take everything and tell us what we owe if anything.” We had no idea we were out of compliance.

SPLA Man:  So what was the outcome?

John:  I won’t explain specifics, but it was seven figures. Completely shocked.

SPLA Man:  So you just wrote a check and called it a day?

John: I wouldn’t make it that simple. In the end, we did owe the amount, but we broke it up and did an Azure commit for some of it.

SPLA Man:  How long did the audit last?

John:  Start to finish? Probably about a year.

SPLA Man:  So then what? Like how did you know what to commit for Azure?

John:  We didn’t, but we sure as heck were not going to write a check.

SPLA Man. Okay, so I guess what were the next steps?

John:  We worked with you. We had to get a plan. You recommended Octopus to help manage the licenses. It helped keep track of the deployments and streamlined, I guess, the process for us. We still have to understand the licensing, but the overall collection of data and billing helped us.

SPLA Man:  Yeah, anytime you can reduce the time spent on reporting, the better. So, now that you have gone through two audits, what do you do to prepare for the future?

John:  Well, that’s where the Octopus team helps. We do SAM baseline reporting. It’s kind of like a mini risk assessment to ensure we are doing it correctly. The other thing is we try to stay on top of the licensing better, especially with all the new changes.

SPLA Man:  Yeah, I was going to ask. What do you think of all the new changes? Good, bad, indifferent?

John:  Yes. (laughs) I think the change is generally good. The only problem is Microsoft will always tell us SPLA is more expensive or that Azure is the best thing since sliced bread. The reality is it depends on the situation. We like SPLA. CSP requires us to more or less be a reseller. We do not like that. Of course, if our customers want Azure, we will not turn them down. We look at the new changes as another way to go to market. It’s not one program over the other. It’s what our customers want that matters.

SPLA Man:  We will dive into that more in a later podcast. Thanks for volunteering for another interview (laughs). But as a hoster, do you think SPLA will go away? I know I get asked daily.

John: No, they have tried to eliminate SPLA ever since BPOS. Remember that? No, seriously, I think SPLA will always be around. I appreciate your work and the work Octopus does to help create content and make our lives a bit easier. 

SPLA Man:  What about the new flexible virtualization? Do you help customers make the right decisions there?

John: Yes, we host our own training for customers. I know you have helped us and the rest of the Octopus Cloud team do that as well. I think that really has helped us with positioning. You are right; everyone is now a competitor. We have to make it easier for the customer. So I think the flexible virtualization is part of it but the other thing is, in many instances, customers do not want to mess with the licensing.

SPLA Man:  I agree. And thank you for mentioning training. I think that is super important. Anything else? How about this last question? What advice would you give to another hoster going through an audit?

John: I know we didn’t get into the specifics, but I would take my time and not rush through it like we tried. I would also prepare more. If you are not going through an audit now, you will eventually. Try to understand the risks now before it is too late. 

SPLA Man: Smart words. I always say, let’s eliminate risk before it becomes a risk. If you are not licensing correctly, you are not charging your customers right either. 

John: That’s exactly right.

SPLA Man:  Well, John. I appreciate your time today. Let’s do another interview. I want to dive into the flexible virtualization more and all that fun stuff.

John:  Interview for sure. I am not sure anything with Microsoft is fun. (laughs)

Thanks for reading,

SPLA Man

 
1 Comment

Posted by on September 18, 2023 in Uncategorized

 

Tags: , , , , , , , , , , , ,

Why a SAM Practice is Important

15 Jun

I recently took some time off to spend with Mrs. SPLA Man and the kids when my 13 y/o son asked me, “Dad, why do service providers only have one person reporting SPLA usage to their reseller? Why would they report anything if they didn’t know it was right? After all, you wouldn’t even drive away from a fast-food drive-thru or pay for a new pair of shoes unless the order was right or the shoes fit! So why would an SPLA provider spend thousands (if not millions) of dollars each month when they don’t know if what they are ordering is right! And then Dad, they get audited and have to pay even more!”

I was never so proud of my son. Me and Mrs. SPLA Man certainly raised him right. That story about my son was a bit silly, but the moral of the story is accurate. Why do service providers spend so much money reporting usage if they do not know it’s right?

I think they know it’s not right, but they also think it’s not that far off either. How many of you who have gone through an audit said this prior; “We might be off a SAL or two, but in the end, we won’t owe much. After the audit, they find themselves owing millions of dollars. So much for being off a SAL or two! Here’s where I think service providers do themselves a disservice in not having a SAM practice/plan in place.

  1. They only have one person reporting usage. In most cases, a procurement person or office manager will email an engineer, and the engineer will send an excel report with what he/she believes should be reported. The office manager reports it to the reseller. The problem with this scenario is what happens if the office manager leaves? What happens to the relationship with the reseller? Does the engineer know they should license what is installed? A great example is Office Pro Plus/Std. Most engineers will install Office Pro Plus, forget about it, and report Office Standard. Don’t be that guy!
  2. You are reporting simply because it’s a requirement by Microsoft. Yes, reporting is a requirement, but reporting SPLA should be used as a tool to gain information inside your data center. What is installed? What do users HAVE access to? Are we reporting SQL Standard when we installed SQL Enterprise? We report SQL Web, but is it a public website we are hosting? Reporting SPLA usage should provide you with insight into how profitable you are per individual customer. If you get audited and find out you should be reporting SQL Enterprise (that’s what is installed), but you report SQL Standard; how easy is it to go back to your customer and ask for more money? You just lost the customer and lost out on all that additional revenue. Reporting is about business intelligence.
  3. Not have a tool in place or SAM practice. The two go hand in hand (SPLA tool and SAM practice). You can have a tool, but what good is it if you only use it to scan a small portion of your data center? Are you saying the other parts of your data center are licensed 100% accurately? You NEED a SAM practice – document licensing rights, document contracts with your customer, have a paper trail with your reseller, know pricing changes, and use the tool to collect the actual data. Don’t know a SPLA tool provider? Use Octopus Cloud They are the only tool provider designed specifically for multi-tenant environements with licensing intelligence built in specific to the SPUR. Yes, I do marketing for Octopus 🙂

In summary, I know spending money to invest in an SPLA tool or SAM practice doesn’t seem appealing (it’s kind of like buying new windows for your house. Wow! I spent a thousand dollars on a new window, but no one would ever know it besides you). The same can be true about a SAM practice. A SAM practice will not win you new customers, but here’s one thing I will promise, it won’t lose you customers either.

Thanks for reading,

SPLA Man

 
Leave a comment

Posted by on June 15, 2021 in Uncategorized

 

Tags: , , , , , , ,

To use a tool or not?

28 Apr
Ahh, SPLA reporting. We’ve heard the line, the only sure thing in life is death and taxes. The only thing certain for a service provider is that Microsoft will change the licensing rules (frequently) and SPLA reporting. There’s not much we can do about Microsoft changing the licensing rules, but alas, there is something you can do about SPLA reporting. I’ve written this on several occasions, but it’s worth repeating. The biggest mistake a service provider will make is believing that SPLA reporting is a requirement by Microsoft. Yes, it is a requirement by Microsoft, but that is not the only reason you should track licensing. Let me provide an example, HostingRUs has one man managing their SPLA reporting. He runs a “foolproof” script that will identify everything in their environment. He reports all the licenses installed and looks at invoices to know the number of users to report. He submits it to his reseller. There is nothing wrong with that strategy except for one thing – nowhere in the reporting process is anyone tracking licensing rules, updates, optimization, and, more importantly, billing. So in the above example, yes, HostingRUs is reporting licenses to Microsoft, but they should consider so many other areas. Here’s another example. A member of my site (Mscloudlicensing.com) wrote me, saying, “Microsoft is really Sh*tting on me.” He has an application that requires Office Excel; his customer already owns Office 365. He wants to use the O365 license that his customer already purchased to be installed in his datacenter. Obviously, that is not possible without the QMTH addendum. That’s when he got a bit crabby and threatened an anti-trust lawsuit with Microsoft. (Good luck, my friend, but my money is on the company with a trillion dollars in the bank). What the service provider failed to do in this example is look at his datacenter environment from a perspective of what he can do, not what he can’t. He didn’t know he could offer just Excel (instead of the entire suite). He also didn’t consider using open office. He also had very little knowledge of who accesses the application indirectly. If you believe Microsoft changes the rules A LOT and SPLA reporting are cumbersome; then maybe a tool is worth it. I recommended Octopus Cloud to the service provider in my example above. Many service providers use Octopus to keep track of SPLA reporting, but more are using it as a business intelligence tool to understand what is happening inside their datacenter. Octopus helped him know what is installed versus what is reported (a big miss for him was reporting Office Standard, but Office Pro was installed – not only was he underreporting, but in reality, he just needed Excel in the first place, a third of the cost of Office Standard!) Can you imagine if he was audited? His customers just required Excel, but he was on the hook for Office Pro just because his engineer thought it was convenient when he installed it! So when I asked (in the title) should you use an SPLA tool or not? I would argue you can’t afford not to. If you report 1,000 dollars a month or 100,000 dollars a month, don’t you want to make sure you got it right? Thanks for reading, SPLA Man
 
Leave a comment

Posted by on April 28, 2021 in Uncategorized

 

Tags: , , ,