1 / 22

Software Identification

Software Identification. Understanding the Methodologies (And Why it Matters). Kris Barker Co-founder & CEO Express Metrix / Apptria Technologies. Agenda. Software Identification – Why Do We Care? The Role of SAM Tools Identification Challenges Identification Methodologies

macon
Download Presentation

Software Identification

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software Identification Understanding the Methodologies (And Why it Matters) Kris Barker Co-founder & CEO Express Metrix / Apptria Technologies

  2. Agenda • Software Identification – Why Do We Care? • TheRole of SAM Tools • Identification Challenges • Identification Methodologies • Software Tagging Standard • Technology Selection Criteria • Summary and Q&A

  3. About Express Metrix • Recognized leader in IT asset management solutions • Express Software Manager (flagship product) known for superior software identification • Software catalog under development over 15 years • Launched Apptria Technologies in June, 2011 to help ISVs improve identification within their products

  4. Software Identification:Why Do We Care? • License compliance • Cost control (license “right-sizing”) • Corporate software standards • Migration planning • Version control • Security (malware) • Nuisance applications • Network impact

  5. The Role of SAM Tools • SAM is a process • Tools are a part of the process • Software identification is part of the tool • Accuracy should be key evaluation criteria • Identification is not foolproof ∴tools must be flexible!

  6. SAM Tool 3-Step Process 3. Reconciliation 1. Data Collection (compare to entitlements) (discover what’s out there) 2. Identification (recognize & normalize)

  7. Where Identification Takes Place • At the point of data collection • Locally (resident agent) • Remotely (remote access) • On the back end • From collected raw data • Based on other identification criteria

  8. Identification Challenges – Inconsistency Rules! • Evals, betas, RCs • Non-standard installation techniques (unzip / copy vs. install, non-MSI installs) • Inconsistently specified data (names, versioning, etc.) • Homegrown applications • Installation based on components vs. licensable entities • Suites and application editions • Application plugins / non-executable applications • Scarcity of ISO software id tagging • Etc.

  9. Identification Methodologies • Registry (Add / Remove) analysis • Installer (MSI) database • File header analysis • Software identification database • Software id tagging

  10. Registry (Add / Remove) Analysis Identification based on values in the registry and/or items shown in Add / Remove Programs • Pros • Easy to collect (including remotely) • Fast • Cons • Limited based on installation mechanism (incomplete) • Does not match 1-to-1 with entitlement requirements • May not sufficiently indicate/include version and/or SP level • May not include installation location information • May be inconsistent across releases

  11. Installer (MSI) Database Information obtained by querying the installed application database • Pros • Easy to collect basic data • Can also collect component relationships, etc. • Cons • Limited based on installation method (MSI) • May not match 1-to-1 with entitlement requirements • May not sufficiently indicate/include version and/or SP level • May be inconsistent across releases

  12. File Header Analysis Information contained within header of application executable files • Pros • Simple process (disk scan) • Finds everything executable • Cons • Requires full disk scan • Requires that each file be opened/read • Can’t tell file/application/entitlement relationship • Can’t completely determine suites • Data often inconsistent/incomplete • Shared component data may not be useful

  13. Software Identification Database(Software Catalog) Collected file and other signatures compared against a database of normalized applications • Pros • Can include file/application/entitlement relationship • Normalized, consistent application data (apples to apples) • Can handle suites, editions, other “more than .exe” apps • Can include other related information (categories, use rights) • Cons • Never 100% complete • Must be regularly updated

  14. Express Software Identification Database (ESID)* • Identification method utilized by Express Software Manager (client collects raw inventory/usage data) • Built on file information derived from combination of: • Registry analysis • Installer database • File header analysis • Start menu • Software id tags • Etc. • Designed to allow software to be organized and viewed based on licensing/entitlement • Ensures normalization / consistency • Updated monthly * OEMed to technology providers as the Apptria Software Catalog

  15. Express Software Identification Database

  16. Software ID Tagging Identification based on client-resident “tags” indicating the presence of applications • Pros • Normalized identification present on client • Doesn’t depend on installation mechanism • Can be present without any local component/executable • ISO standard • Relationship to entitlement standard for reconciliation • Cons • Not (yet) widely adopted • Questionable relevancy for older apps • Mixed environments create tool challenges

  17. Software Tagging Standard • ISO 19770-2 standard in place since November, 2009 • TagVault.org created as registration authority and information hub (info, tools, source code, etc.) • End-user interest • Large companies starting to request from vendors • Push from governmental agencies • Publisher / tool support • Adobe & Symantec leading the way • Most tool vendors have stated or planned support • Microsoft recently announced it will support • Entitlement (19770-3) standard work in progress

  18. Technology Selection Criteria • Collects everything (or close to it!) • Normalizes identified titles/vendors • Identifies with entitlements in mind • Provides means of handling unidentified commercial apps and homegrown apps • Analyzes and presents data in a way that addresses business issues

  19. Summary • Normalized, thorough identification is critical for effective SAM • Tools utilize different (and sometimes multiple) methods, each with pros and cons • Software tagging provides the promise of standardized identification, but timeframe is uncertain • Tools will always require some manual intervention – no identification method is perfect

  20. Learn More AboutExpress Software Manager • 30 day EvaluationExpressMetrix.com/trial • Live Product Demonstration • ExpressMetrix.com/products/webinars • Self-Guided Flash Demo • ExpressMetrix.com/products/demo

  21. Questions? Kris Barker kbarker@expressmetrix.com

  22. Learn More AboutExpress Software Manager • 30 day EvaluationExpressMetrix.com/trial • Live Product Demonstration • ExpressMetrix.com/products/webinars • Self-Guided Flash Demo • ExpressMetrix.com/products/demo

More Related