Software Identification Understanding the Methodologies (And Why it Matters) Kris Barker Co-founder & CEO Express Metrix / Apptria Technologies

Agenda  Software Identification – Why Do We Care?  The Role of SAM Tools  Identification Challenges  Identification Methodologies  Software Tagging Standard  Technology Selection Criteria  Summary and Q&A

About Express Metrix  Recognized leader in IT asset management solutions  Express Software Manager (flagship product) known for superior software identification  Software catalog under development over 15 years  Launched Apptria Technologies in June, 2011 to help ISVs improve identification within their products

Software Identification: Why Do We Care?  License compliance  Cost control (license “right-sizing”)  Corporate software standards  Migration planning  Version control  Security (malware)  Nuisance applications  Network impact

The Role of SAM Tools  SAM is a process  Tools are a part of the process  Software identification is part of the tool ▫Accuracy should be key evaluation criteria ▫Identification is not foolproof ∴ tools must be flexible!

SAM Tool 3-Step Process 1. Data Collection (discover what’s out there) 2. Identification (recognize & normalize) 3. Reconciliation (compare to entitlements)

Where Identification Takes Place  At the point of data collection ▫Locally (resident agent) ▫Remotely (remote access)  On the back end ▫From collected raw data ▫Based on other identification criteria

Identification Challenges – Inconsistency Rules!  Evals, betas, RCs  Non-standard installation techniques (unzip / copy vs. install, non-MSI installs)  Inconsistently specified data (names, versioning, etc.)  Homegrown applications  Installation based on components vs. licensable entities  Suites and application editions  Application plugins / non-executable applications  Scarcity of ISO software id tagging  Etc.

Identification Methodologies  Registry (Add / Remove) analysis  Installer (MSI) database  File header analysis  Software identification database  Software id tagging

Registry (Add / Remove) Analysis Identification based on values in the registry and/or items shown in Add / Remove Programs  Pros ▫ Easy to collect (including remotely) ▫ Fast  Cons ▫ Limited based on installation mechanism (incomplete) ▫ Does not match 1-to-1 with entitlement requirements ▫ May not sufficiently indicate/include version and/or SP level ▫ May not include installation location information ▫ May be inconsistent across releases

Installer (MSI) Database Information obtained by querying the installed application database  Pros ▫ Easy to collect basic data ▫ Can also collect component relationships, etc.  Cons ▫ Limited based on installation method (MSI) ▫ May not match 1-to-1 with entitlement requirements ▫ May not sufficiently indicate/include version and/or SP level ▫ May be inconsistent across releases

File Header Analysis Information contained within header of application executable files  Pros ▫ Simple process (disk scan) ▫ Finds everything executable  Cons ▫ Requires full disk scan ▫ Requires that each file be opened/read ▫ Can’t tell file/application/entitlement relationship ▫ Can’t completely determine suites ▫ Data often inconsistent/incomplete ▫ Shared component data may not be useful

Software Identification Database (Software Catalog) Collected file and other signatures compared against a database of normalized applications  Pros ▫ Can include file/application/entitlement relationship ▫ Normalized, consistent application data (apples to apples) ▫ Can handle suites, editions, other “more than.exe” apps ▫ Can include other related information (categories, use rights)  Cons ▫ Never 100% complete ▫ Must be regularly updated

Express Software Identification Database (ESID)*  Identification method utilized by Express Software Manager (client collects raw inventory/usage data)  Built on file information derived from combination of:  Registry analysis  Installer database  File header analysis  Start menu  Software id tags  Etc.  Designed to allow software to be organized and viewed based on licensing/entitlement  Ensures normalization / consistency  Updated monthly * OEMed to technology providers as the Apptria Software Catalog

Express Software Identification Database

Software ID Tagging Identification based on client-resident “tags” indicating the presence of applications  Pros ▫ Normalized identification present on client ▫ Doesn’t depend on installation mechanism ▫ Can be present without any local component/executable ▫ ISO standard ▫ Relationship to entitlement standard for reconciliation  Cons ▫ Not (yet) widely adopted ▫ Questionable relevancy for older apps ▫ Mixed environments create tool challenges

Software Tagging Standard  ISO standard in place since November, 2009  TagVault.org created as registration authority and information hub (info, tools, source code, etc.)  End-user interest ▫Large companies starting to request from vendors ▫Push from governmental agencies  Publisher / tool support ▫Adobe & Symantec leading the way ▫Most tool vendors have stated or planned support ▫Microsoft recently announced it will support  Entitlement ( ) standard work in progress

Technology Selection Criteria  Collects everything (or close to it!)  Normalizes identified titles/vendors  Identifies with entitlements in mind  Provides means of handling unidentified commercial apps and homegrown apps  Analyzes and presents data in a way that addresses business issues

Summary  Normalized, thorough identification is critical for effective SAM  Tools utilize different (and sometimes multiple) methods, each with pros and cons  Software tagging provides the promise of standardized identification, but timeframe is uncertain  Tools will always require some manual intervention – no identification method is perfect

Learn More About Express Software Manager 30 day Evaluation ExpressMetrix.com/trial Live Product Demonstration ExpressMetrix.com/products/webinars Self-Guided Flash Demo ExpressMetrix.com/products/demo

Questions? Kris Barker

Learn More About Express Software Manager 30 day Evaluation ExpressMetrix.com/trial Live Product Demonstration ExpressMetrix.com/products/webinars Self-Guided Flash Demo ExpressMetrix.com/products/demo