OIT Software Asset Management
Software Asset Management (SAM) is a subset of IT Asset Management (ITAM) and includes the framework, processes, and tools to strategically oversee the financial, contractual, compliance, and risk aspects of IT software assets throughout the lifecycle.
What is the OIT Software Asset Management
OIT’s Software Asset Management Program includes personnel, processes, and tools to deliver the benefits of SAM by overseeing the lifecycle of campus software assets. Originally solutioned through Financial Futures, the program will improve cost efficiency by eliminating redundant and over-licensed products, redeploy unused licenses, and reduce compliance risks. This will be achieved by analyzing software deployments and license assignments with a software asset management tool called Eracent ITMC. Eracent ITMC is an important element of the SAM program that collects the hardware and software inventory from campus computers and delivers a comprehensive view of the assets and compliance. Additionally, Eracent ITMC delivers the vulnerability tracking, network identification, and audit preparedness required by the Secure Computing Standard for Computers.
Why is a SAM program necessary?
Presently, there is not a cohesive oversight of software assets for the CU Boulder campus. Some software is centrally managed by OIT, but this only accounts for 8% of the campus’ total software spend. Decentralized management can result in redundant software types, underutilized contracts and licenses, inconsistent distribution methods, vulnerable software, and increased compliance risks.
The SAM program delivers the knowledge, skills, and tools to effectively manage campus software assets. Eracent ITMC will gather, analyze, and report the data necessary to answer questions such as:
- Are CU's negotiated contracts being fully utilized?
- Is the university’s collective buying power being leveraged?
- What products and capabilities exist in the software inventory?
- Where is the software deployed and who is using it?
- Is a product already delivering capabilities so that new investments aren’t necessary?
- Is software deployed in a compliant manner?
- Is the software supported and secure?
Eventually, the SAM program’s contribution to campus will be a more cost effective, compliant, and secure software portfolio than can be realized by current methods.
Frequently Asked Questions
What is Eracent?
Eracent IT Management Center (ITMC) is a Software Asset Management tool that collects the hardware configuration and software inventory from computer devices to support life cycle management, software compliance, deliver data to IT, other business initiatives, and financial management programs, and support informed decisions about sourcing and funding.
Why is OIT deploying Eracent?
Eracent ITMC is a key component of OIT’s Software Asset Management program which aims to optimize the university’s software investments and minimize potential compliance risks related to deploying and using software. ITMC’s data and compliance reporting enables SAM to identify opportunities to consolidate software titles, reclaim or share unused licenses, and react to compliance risks. Eracent ITMC also supports the Secure Computing Standards for Computers policy by providing the means to, “Gather and send hardware and software information to central inventory for vulnerability tracking, network identification, and audit preparedness.”
Where will Eracent be deployed?
For maximum effectiveness, a software asset management tool needs to have full visibility of an organization’s computing environment, including servers and desktops. This is important to identify opportunities for license reuse, cross departmental sharing, and campus compliance. Therefore, OIT’s strategy is to have the Eracent ITMC agent installed on every university owned computer. Understanding that some computers operate in secure environments or hold sensitive data, the ITMC installed agent is configured to send and receive encrypted information only from an on-campus collection server that is operated by OIT.
When will Eracent be deployed?
The Eracent ITMC application is already running in the OIT datacenter, and a data collection server is set up to communicate with the ITMC agent. OIT is planning a phased rollout of the agent, beginning with its own computers. Once the agent’s deployment and operation are verified and the ITMC application is configured to analyze the software commonly deployed on campus, OIT will continue rolling out the agent to campus computers to support the Secure Computing Standards for Computers policy.
How does Eracent collect computer data and where does it go?
After the ITMC agent is installed on the computer, it runs a full hardware and software inventory and sends the data encrypted to an on-campus collector server which passes the information on to the ITMC server where it is stored. After the initial inventory, the agent analyzes changes to the computer’s configuration and updates ITMC when changes are detected.
How does OIT use the information Eracent finds on my computer?
The information is used to help OIT support the lifecycle of your computer (e.g., is it time to replace your computer) and to confirm that your software is updated and properly licensed. By knowing where software is deployed, OIT can compare the inventory against purchase records to identify either surplus licenses that can be reused elsewhere, avoiding new purchases, or a shortage of licenses, allowing OIT to address the issue before it becomes a university liability.
Does Eracent monitor my web browsing?
No, the ITMC agent will not monitor web browsing or similar activities on your computer, its function is to report your computer’s hardware and software inventory.
What can I expect to see after Eracent is installed on my computer?
The installation and daily operation of the Eracent ITMC client should be completely transparent to you. The client uses very little of your computer’s resources so it shouldn’t interfere with other software that is running.
What should I do if I believe the Eracent client is causing problems with my computer?
If you believe that the Eracent ITMC client may be causing problems with your computer, you should contact your local IT support team or the IT Service Center.
Does Eracent pose a security risk for my computer?
Any software installed on your computer can be a security risk. However, OIT has taken precautions to ensure that the ITMC application and client operate within the standards set by the OIT IT Security team. These actions include operating the Eracent application completely within the on-campus network and allowing the client to send or receive information only if your computer is connected to the secure Cisco AnyConnect VPN.
Status and Program History
Timeline
| Activity | Planned Start/End Dates | Status | Description |
|---|---|---|---|
| Hire SAM Personnel | December 2019 - April 2020 | Completed | Recruit, hire, and onboard two positions (Software Asset Manager, Software Licensing Analyst). |
| Initiate OIT charter project | January - February 2020 | Completed | Create OIT project charter, approve project, identify project manager, and schedule kickoff meeting. |
| Initial Project Discovery | February 2020 - January 2021* | Completed | ID stakeholders, form project teams, current state analysis, list current software, collect software contracts, baseline SAM activities. |
| Develop Program Strategy | June - September 2020 | Completed | Establish program governance structures, roles, & responsibilities; draft, approve, and publish program policies (deferred). |
| Develop Procedures and References | May 2020 - January 2024* | In progress | Purchasing procedures, software standards procedures, software standards list, contracts repository, life cycle procedures, compliance and audit procedures, SAM metrics & KPIs (Most are completed at this time). |
| Software Catalog | May 2021 - February 2022 | Completed | Draft software catalog, draft SW acquisition process, publish and communicate SW catalog, integrate SAM with service desk (deferred). |
| Acquire SAM Tool(s) | May 2020 - September 2021* | Completed | Develop tool requirements, compare against existing tools, demos, develop RFP, bid, procure, and acquire. Selected Eracent ITMC. |
| Eracent ITMC Test Implementation & Integration | September 2021 - February 2022* | Completed | Implement infrastructure prerequisites, prepare management environment, set up discovery agents. |
| Pilot implementation of Eracent ITMC Discovery | May 2023 - January 2024 | In Progress | Deploy Eracent ITMC Discovery agent to pilot groups. |
| Pilot implementation of ITMC LifeCycle | May 2023 - January 2024 | In Progress | Begin usage of Eracent ITMC LifeCycle with pilot groups. |
| “Go live” with Eracent ITMC Discovery | May 2023 - January 2024 | In Progress | Begin providing Eracent ITMC Discovery. |
| Collect software inventory | April 2023 - January 2024 | In Progress | Initial inventory within Eracent ITMC, identify and normalize software. |
| Pilot Assessment | January - February 2024 | Not Started | Assess pilot outcomes based on success criteria |
