So, the ramblings below are really about establishing good inventory verification checks so that when we view data in the SAM suite we can be confident that the tools which do the discovery are producing the correct data and the SAM suite is interpreting it properly.
Any SAM program (not project!) will be keen to ensure that agents are rolled out to as many devices as possible. You will get push-back from the datacenter owners – they don’t want network performance to be impacted by something as tedious as reporting on software installations. So most likely, they will insist that inventory data is ported to a DMZ (a server that sits outside the ring of mission-criticality that the datacenter sits in) which hosts inventory data gathered at a time that suits their less busy operating periods.
You may also find general resistance to yet another toolset being introduced when there are existing toolsets which do a similar job. As with most things, different tools have different strengths and weaknesses, and while the temptation is to push for the ‘perfect’ agent from a licensing perspective, sometimes SAM suite specific agents will have to give way to reporting from any of the plethora of end point management tools out there. Any shortfall in quality results in compliance risk, so make sure you are escalating this through your Risk Management process for senior management to accept!
Top-tip: have data-cleansing procedures in place if you have agents AND end point management tools feeding into your SAM suite at the same time: DO NOT double-count your devices.
As for cloud deployments, both IaaS & SaaS APIs should be available to land data into the SAM Suite. If you need to allocate inventory data for the purpose of showback/ chargeback of costs, then you are stepping into the world of tagging!
Can you tag on-prem installation data? Yes, you can! Please head over to the SAM Charter website to read more (Using SAM to Create & Maintain your CMDB).
As I am fond of saying “Change is the enemy” – accordingly, new devices coming onto the IT estate will need to have inventory agents installing on them. We suggest you make the inventory agent part of any standard builds your organisation uses. This will save you the headache of discovering new devices and retroactively having to get them weaved into your SAM scope. Also, pay attention to when data was last reported: if your agents should be reporting daily, spidey senses should be tingling if inventory data is weeks old.
Finally, inventory agents, like any other piece of code, will go through a lifecycle of updates and refreshes. These need to be managed within the change management lifecycle provided by Service Management.
In an ideal world, all these technical details will be addressed as part of the Configuration Management process, and the SAM Suite will simply be a consumer of the accurate data contained within the CMDB. However, we know that all too often, the SAM team end up playing the role of data aggregator and end up being in the hot seat of having to address these technical data quality issues.
A final tip from an edge (case):
These days many organisations automate the management of software to such a degree that they have products that perform the duty of maintaining the architectural accuracy of your IT builds, which can impact your recycling activities.
The use case goes something like this: Your company has established a recycling trigger of 45 days of non-use after which the unused software will be removed to return it to the license pool. End point management products like Puppet or even MS Intune will scan a device post-recycling and see that the architectural footprint has been altered and then look to re-install the unused software you have just removed!
From an inventory importation process perspective, you could be quality-assuring your recycling efforts via inventory importation and wondering why no changes have been made!
It’s an edge case – we’ve not heard of many SAM teams caught out by this, but if you have these tools, you need to engage your IT Ops teams prior to the recycling to make sure the tools are temporarily configured to not reinstall software that has been removed.