Analysis of Snow Software on Determining SAP Indirect Access Exposure

Executive Summary

  • SAM software helps software companies manage their licenses and control predation on the part of software vendors. Indirect access, or more precisely Type 2 indirect access, is a type of license control that is enforced by SAP.
  • Snow Software provides a helpful article on how to deal with SAP indirect access.
  • SAP, with the help of compliant media entities, has “shifted the goalposts” on the official definition of indirect access so that it can coerce customers into not being disloyal by purchasing non-SAP applications and databases.

Introduction

In this article, we will analyze Snow Software’s article on whether it is possible to determine your indirect access exposure.

Article Quotations

“SAP licensing is complicated. License entitlements can be open to interpretation and contract amendments can mean that financial liability for one customer may be very different in comparison to another, even if their usage and requirements are identical. It often depends on what deal was struck at the time of purchase.

Traditionally SAP licensing reviews and system measurements have focused on direct usage of an organization’s SAP environment. Direct usage on an individual level describes one user accessing SAP data directly through the SAP interface. The transactions which they perform determine what license type (or types) the user should be assigned. This in turn determines the associated cost for that user to perform their required tasks within the SAP system.

Even correctly managing licensing of direct users is more complicated than it might first appear. An organization with 10,000 users of its SAP environment could have many groups of users who transact in very different ways. The users may change jobs and so need to use the SAP environment differently from one year to the next. Other users leave the organization and of course it’s no longer necessary to have a license assigned to them.”

What SAM Software Does

Very true. In fact, most of what SAM software does is manage direct user licenses.

“If your organization doesn’t keep on top of this and effectively manage licenses, you’ll almost definitely be paying over the odds for your licenses or you will be hit with a big fee following system measurement (LAW) submission or a more comprehensive SAP audit.”

And this is in fact very common as most SAP customers do not use SAM software.

“The risk becomes even greater when you consider Indirect Usage. That’s because you may face licensing liability for a far greater number of users compared to those who you know directly access the SAP system. That 10,000 user license requirement could be two, three, even four times more if a third-party application accesses your SAP data.”

The Type of Indirect Access Enforced by SAP

There are really two ways to look at this. One is that the type of indirect access most often enforced by SAP is called Type 2 indirect access. Brightwork has repeatedly questioned the validity of SAP’s creation of Type 2 indirect access.

The second way of looking at it is that SAP does enforce Type 2 indirect access, although it does not actually have the right to do this.

“One thing is clear. The better prepared your organization is, the better you understand overall usage of your SAP environment from every user and the better you can map this to existing entitlements, the stronger you will be when it comes to an audit or a negotiation. To do this effectively, you need a system that can automatically consolidate all of the necessary data and automate the required tasks.”

That is certainly true.

So What is Indirect Access?

“A simple example of Indirect Usage is where an SAP system is accessed or queried through a third-party application. The way in which that third-party system interacts with the SAP system, whether the interaction originates from a user’s actions and whether data is manipulated or changed within the SAP system all contribute to whether SAP defines the need for an additional license and, therefore, additional cost.

If you had to read that sentence twice, you’re likely not to be the only one. The fundamental issue is that SAP “Indirect Usage” changes definition from company to company and that is causing confusion amongst the SAP user community.”

And the answer as to why is that SAP selectively applies indirect access in order to maximize the revenue taken from its customers. In some cases, it is not in SAP’s sales interest to bring up the topic, in other cases, it is.

“In a rather ironic twist of fate, the push from the large SAP user communities across the globe for more clarity on Indirect Usage has actually led to potentially greater financial exposure. That’s because SAP made changes to their enforcement of the price and conditions list (PCL) in October 2016. More on this below. Indirect Usage is categorized in a few different ways depending on the technical method used to access the SAP environment. To add to the opacity around this, there is also a greater or lesser likelihood that SAP will choose to charge additional license fees dependent on the “type” of Indirect Usage there is.”

That may be true. It seems that whenever SAP releases more information on indirect access, it expands what its definition of indirect access is.

External Third Party Systems

“Common examples of this type of Indirect Usage include large ISVs like SalesForce.com, Workday and QlikView; Business Intelligence systems and payroll systems. This may also include smaller systems to perform a particular task not possible in default SAP software.

In this instance, the third party systems are accessing the SAP environment, pulling data and often writing it back via a connection to the SAP environment. Here a “user” must be set up to gain access to the SAP system. On the surface then it can appear like only one user (or a small number of users) is performing actions on the SAP system. In reality though, the “user” will be performing far more tasks than is possible for a single person to undertake.

Multiple users are indirectly using SAP data to perform tasks. The challenge that someone investigating this type of Indirect Usage often faces is that they are unaware of these third-party systems within their organization’s IT estate. To identify such systems requires either surveying application owners or looking for anomalous usage directly within the SAP system.”

Once again, this is Type 2 indirect access. It is not historically what has been called indirect access.

“Flags to look out for include:

#1: “Work time” check for all users: Checks rolling two-day time windows for constant activity without a pause of at least eight hours

#2: “Volume of work” check: Looks for users with an extraordinary amount of activity (measured by changed or newly created DB table entries)

#3: “Cross-component usage” check: Looks for users which changed DB table entries or newly created them from different SAP modules in the same second.

In practice, the interviewing process alone is insufficient and attempting to analyse the SAP system manually is impractical for a system with over a certain amount of users. This is because it requires manual consolidation of numerous data sources before any possible conclusions can be made.

The more efficient approach is to use a system which can automatically consolidate the data meaning that anomalous activity can be identified much faster.

This method of Indirect Usage is the clearest cut and we covered this in a lot more detail last year. If a system accesses SAP in such a way, you are likely to be financially liable. It’s extremely important to understand precisely how the interaction takes place, how many third-party users may require a license and what type of license they will require.”

Yes, SAM software is one of the primary ways to determine the Type 2 indirect access that the customer is performing, although it still may not provide the details of all the indirect access exposure.
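
The three flags quoted above can be run as a detection pass over change records. The following is an added example, not code from Snow Software, SAP or Brightwork: the record layout, the user names, the sample data and the reading of "extraordinary" as ten times the median user's volume are all assumptions, and flag #1 is read as a run of activity lasting two days with no gap of eight hours or more.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Assumed record layout: one (user, timestamp, module) tuple per changed or
# newly created DB table entry. Real input would be exported from the SAP system.

def worktime_flag(times, window=timedelta(days=2), min_pause=timedelta(hours=8)):
    """Flag #1: activity spanning a full window with no pause >= min_pause."""
    times = sorted(times)
    run_start = times[0]
    for prev, cur in zip(times, times[1:]):
        if cur - prev >= min_pause:
            run_start = cur            # a real break: start a new run
        elif cur - run_start >= window:
            return True
    return False


def cross_component_flag(events):
    """Flag #3: entries from different modules written in the same second."""
    modules = defaultdict(set)
    for ts, module in events:
        modules[ts.replace(microsecond=0)].add(module)
    return any(len(m) > 1 for m in modules.values())


def flag_users(records, volume_factor=10):
    """Return {user: [flag names]} for every user that trips at least one check."""
    per_user = defaultdict(list)
    for user, ts, module in records:
        per_user[user].append((ts, module))
    # Flag #2 needs a definition of "extraordinary"; the page gives none, so
    # this assumes "more than volume_factor times the median user's entries".
    typical = median(len(ev) for ev in per_user.values())
    result = {}
    for user, events in per_user.items():
        flags = []
        if worktime_flag([ts for ts, _ in events]):
            flags.append("work_time")
        if len(events) > volume_factor * typical:
            flags.append("volume")
        if cross_component_flag(events):
            flags.append("cross_component")
        if flags:
            result[user] = flags
    return result


def constructed_sample():
    """Constructed data: four office users (one runs a mass upload), one interface user."""
    start = datetime(2017, 1, 30)
    records = []
    for user, module in (("ALICE", "SD"), ("BOB", "FI"), ("CAROL", "MM"), ("DAVE", "FI")):
        for day in range(3):
            for hour in range(9, 17):   # one entry per hour, 09:00-16:00
                records.append((user, start + timedelta(days=day, hours=hour), module))
    # CAROL also runs a one-hour mass upload: 300 entries, 12 seconds apart.
    for i in range(300):
        records.append(("CAROL", start + timedelta(days=1, hours=10, seconds=12 * i), "MM"))
    # IF_CRM (hypothetical name) is the single "user" a third-party system logs
    # in with: it writes SD and MM entries in the same second, every 30 minutes.
    for step in range(3 * 48):
        ts = start + timedelta(minutes=30 * step)
        records += [("IF_CRM", ts, "SD"), ("IF_CRM", ts, "MM")]
    return records


if __name__ == "__main__":
    for user, flags in sorted(flag_users(constructed_sample()).items()):
        print(user, flags)
```

On the constructed data the interface account trips all three checks, while the person running a mass upload trips only the volume check, which is why the flags are more useful read together than one at a time.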

SAP Add Ons

“In October 2016, SAP made changes to their enforcement of the price and conditions list (PCL) with the intention of clarifying some of the definitions around SAP and based upon pressure from the various user groups across the globe. This is where the irony lies because it has, in fact, led to a new license requirement for third-party add-ons.

Within the PCL, SAP added that users, in addition to the Runtime usage right of the SAP NetWeaver Foundation, must acquire an additional SAP NetWeaver Foundation for Third Party Applications.

This means that users of a third-party system which is an add-on to SAP and installed via the NetWeaver platform must pay an additional license fee on top of their existing Named-User license.”

So SAP charges double for NetWeaver? One to run SAP apps and one to run non-SAP apps. This double purchasing is very similar to SAP’s policy on HANA, which is covered in the article The HANA Police and Indirect Access Charges.

“Many customers see this as a shift of the goalposts and it will be particularly frustrating to organizations who were recommended to develop customer-specific solutions into their landscape by SAP itself.”

The Shifting Goalposts of Indirect Access

SAP has been constantly shifting the goalposts on the topic of indirect access. And this is something that my research indicates will continue in the foreseeable future.

“Because this enforcement is new, many organizations will not be immediately exposed to financial liability and SAP typically takes a staggered approach to enforcing licensing rules.

The best advice and option would be not to rest easy because of the lag between rule creation and rule enforcement. Make sure that you understand what your potential liability might be. Consider whether there are named user licenses which are assigned to inactive users and making up shelfware. If there’s a potential for this shelfware to use a third-party add on, there may be a case for SAP to charge your organization the additional fee. If your shelfware is properly expired and retired, there is no risk. Again, an automated system which can do the leg work for you will ensure you are in a stronger, optimized position.”

These are all very good points.

IoT and other Databases

“The third and final category to consider is also the least well defined. However, it still absolutely should be taken into account. This category concerns “things” writing data to the SAP system. “Things” could mean sensors in a warehouse measuring temperature throughout the building and alerting when that temperature moves outside of defined parameters. It could mean data transferred from mining vehicles when they return to base, tracking usage of the vehicle and distance travelled to estimate when tyres need changing or when the truck must be serviced. In this real example, the customer wasn’t liable for any additional named user license because there is no human interaction. The data is transferred automatically when the vehicles cross a threshold.

On the other hand, a scenario where additional licenses were required was in a slightly different form of data exchange via Electronic Data Interchange or EDI. In this case, warehouse scanners were used to read data from barcodes into the SAP system. The difference was that humans click the button to activate the scanner. The customer in this case was told that they needed named user licenses for each user who could potentially use the barcode scanner and hence “use” the SAP system.”

All Systems Should be Subject to Indirect Access Fees…or Only SAP?

The reason this requires drawing ludicrous distinctions is that SAP’s proposal on Type 2 indirect access makes no sense. If the scenario above means that SAP is owed indirect access fees, then all systems that connect to SAP should also receive indirect access fees.

“From a legal perspective, the issue of indirect usage and SAP’s respective license types is complicated as its assessment involves questions of contract law, copyright law and possibly also of competition law. What matters is that companies using SAP software are aware of the risk that is attached to indirect usage of the software.

In order to be able to evaluate such risks, technical tools that help to get an idea of the intensity of indirect usage help. If a company believes that it has a high risk with regard to this issue and does not want to meet SAP’s additional payment request, an individual legal analysis may help to clear the picture.”

Fee or No Fee?

“So that is the distinction. Involve a human user in some way and you may be asked to license that user. Remove any human interaction and you are unlikely to need to pay for additional licenses (at the time of writing). As in all of the examples above, however, this won’t stay the same forever and if your organization is embracing new technologies at a rapid rate, just remember that SAP might want a cut of the pie at some point down the line.

Again, the advice remains the same. Understand usage, understand the architecture of your environment and continually optimize. Do not let things change over time without tracking it. If you do, you could be faced with a substantial unbudgeted bill.”

Conclusion

Snow Software has made a good effort in getting into the details and has provided some very good information in this article. There is a lot of detail in this article that does not appear to have been published elsewhere.

  • At Brightwork, our perspective is that Type 2 indirect access enforcement by SAP is inconsistent with what all other software vendors do, and with what has been the historical interpretation of indirect access.
  • It is also the case that indirect access is applied so differently by SAP, based upon factors related to the sales situation at the customer, that it does not come down only to whether a customer technically meets the definition of Type 2 indirect access.

References

https://www.snowsoftware.com/int/blog/2017/01/30/sap-audits-it-really-impossible-accurately-determine-your-financial-exposure

How Accurate Was Snow Software on their Optimizer for SAP?

Executive Summary

  • Snow Software covers topics related to SAP indirect access and how to minimize the ongoing SAP licensing overhead. In this article, we evaluate Snow’s article for accuracy.

Introduction

In this article, we will focus on Snow Software’s media output on SAP indirect access.

SNOW OPTIMIZER FOR SAP SOFTWARE AT A GLANCE

  • “View consolidated usage data across all SAP systems
  • Automate SAP user license administration
  • Identify and trace indirect usage
  • Centrally manage contracts and addendums
  • Contain HANA license costs
  • Optimize BusinessObjects licensing
  • Install and manage within the SAP environment (SAP certified)”

This is interesting in that it shows licensing for HANA and for BusinessObjects. It is curious that it is called out separately.

INVENTORY & ANALYZE SAP USAGE TO ELIMINATE WASTED SPEND

“Snow Optimizer for SAP Software provides deep-dive analysis into transactional and individual usage data, identifying opportunities to reduce costs and liabilities by eliminating duplicate users and unused licenses.  The solution can automatically recommend ‘best-fit’ license types based on user behavior, making it easy to switch from expensive licenses to cheaper ones where appropriate.  Automatic monitoring frees up SAP administrators to focus on core duties and ensures information is always up-to-date in case of an audit or review. Contract Management and compliance reports can provide guidance and insight as well as help achieve savings through better negotiations with vendors.”

This is what SAM software for SAP provides users. SAM software should allow companies to “right size” their licenses.

INDIRECT USAGE

Through this functionality, Snow Optimizer for SAP Software provides comprehensive data about Indirect Usage which enables the organization to significantly reduce financial exposure and to highlight risk in the future.

Another critical reason for SAM software is indirect usage. Indirect usage from SAP comes quickly, which is why it is essential to have SAM software already installed.

MINIMIZE ONGOING SAP LICENSE ADMINISTRATION OVERHEADS

“Snow Optimizer for SAP Software maintains up-to-date details on all SAP license allocations, giving SAP administrators the ability to adjust license types and distribution on-the-fly. Automated rule sets quickly align individual users with the correct license in the correct system based on their activities.

Alerts can be triggered when the organization nears license limits under current contracts or specific activity restrictions.  Pre-defined rules help organizations prevent actions that would incur unexpected or unacceptable costs.”

The concept of SAM software is that it is continuously used, to provide an accurate picture of usage versus the customer’s licensing. Alerts are particularly helpful in keeping logic working in the background that can tell the customer when a change occurs.

AVOID MISTAKES WITH ‘WHAT IF’ PLANNING

“Snow Optimizer for SAP Software can be used to test a variety of “what-if” scenarios that enable the organization to model how changing the deployed license types would affect SAP licensing and support costs. Scenarios can be played out in the solution without making any changes on the live system until the organization is happy with the results, avoiding potentially costly licensing mistakes.”

What-if planning has quite a lot of uses, for instance knowing what the costs will be when making planned changes to the software and to its usage.

Financial Bias Disclosure

Neither this article nor any other article on the Brightwork website is paid for by a software vendor, including Oracle and SAP. Brightwork does offer competitive intelligence work to vendors as part of its business, but no published research or articles are written with any financial consideration. As part of Brightwork’s commitment to publishing independent, unbiased research, the company’s business model is driven by consulting services; no paid media placements are accepted.

References

https://www.snowsoftware.com/int/products/snow-optimizer-sapr-software

Analysis of Snow Software on Ways to Cut Spending

What This Article Covers

  • Quotes from Snow Software
  • Analysis of the Quotes

Introduction

Snow Software wrote a paper titled 5 Ways to Cut Spending on SAP Software. In this article, we will analyze this paper.

Quotes from Snow Software’s Article

SAP has more than 40 named user license types in its standard definitions, ranging in price from $60 to $7,000 per license. These license types determine what transactions the user is permitted to perform in the environment. SAP puts the onus on its customers to assign the appropriately named user license type to each user account. Without the right data upfront, the only way to do this is to generalize and attempt a best-fit. The work that individuals perform can change year-on-year. This means that a license type which once fit well beforehand is no longer compliant.

It is in fact quite interesting that SAP has such a broad continuum of user license prices.

Organizations typically end up overspending because they do one or both of the following:

  1. Purchase unnecessarily costly named user license types to ensure coverage of user’s requirements, but also cover them for use of transactions that they do not need.
  2. Keep user-license assignments static until the next SAP-mandated system measurement, and then pay the fees that SAP requests for any shortfall.

So basically customers have a hard time optimizing their licenses. I think there is a common misimpression that the company’s contract or purchasing arm will perform license optimization. This is not the case. And one does require software to provide the necessary information. This also keeps SAP from leading the discussion, which will, of course, lead to more of what SAP wants, rather than what the customer needs.

During a proof of concept, Snow typically discovers around 20% of licensed users in an organization who have been inactive for more than 90 days. Users who have been inactive for more than 90 days (or whatever date is deemed appropriate) can have their license returned to a pool (re-harvested) for reassignment as and when they are required.

This was quite interesting. This means that many customers are over licensed. This is also interesting because SAP only ever discusses the potential of being “under licensed.”

This environment evolves over time as new systems are added. Users must be licensed to access these systems and so they are often provided with a new account, the username of which may be different from the username they have for other systems.

Another issue where SAM software can assist.

Indirect Usage is, in simple terms, where an SAP system is accessed or queried through a third-party application. The way in which that application interacts with the SAP system and underlying data can have a significant impact on licensing requirements and financial exposure at the point of audit. If any individuals are accessing SAP-stored data through third-party software, organizations must ensure that they have an SAP named user license of the right type provisioned for them.

Why this is true. The assumption presented here is that all integrations to SAP applications mean that the customer needs to have licenses. This is an endorsement of SAP’s Type 2 indirect access. However, Brightwork has repeatedly questioned whether this type of indirect access is even valid. This is the concerning feature of SAP, that they can make a proposal which breaks with the legal precedent in licensing, and pretty soon everyone from consulting companies to SAM vendors is repeating it.

Organizations should build up an architectural diagram of Indirect Usage across the SAP environment. This places them in a strong position when SAP audits because any additional fees are based upon real usage, not an estimated and perhaps overinflated value which is indefensible because of lack of visibility.

Yes, this is true, SAP sets about to cheat its customers whenever possible. So SAM software is necessary because the customer must have access to usage information that is independent of SAP.

SAP licensing is not only based on per-user metrics, but includes software engines as well. SAP engines (aka packages, modules and add-ons) are optional applications for which additional licenses must be purchased. The metric used for licensing differs by engine, and is based upon the objects that exist within that application or its total CPU consumption. For example, the metric for SAP Payroll Processing is number of master records, while the metric for SAP E-Recruiting is number of employees.

This is apparent from reading the SAP Price List. Many of SAP’s applications are so complex to price that even account executives rely on a professional pricing expert who does nothing but pricing within SAP. What Snow Software is saying is that this pricing is built into their software. We are not validating this, but if true it is an impressive accomplishment given SAP’s pricing complexity.

SAP licensing is both complex and open to interpretation. Typically, environments have been running for many years, so it is difficult to get a handle on which licenses are assigned to which users, whether those licenses are correct for the user and indeed whether a license is required at all.

This quotation highlights how licensing must be run occasionally as the usage of the SAP system changes over time.

Conclusion

Snow Software’s paper was quite helpful and educational. The indirect access quotations are a concern for reasons already listed in this article.

References

http://go.snowsoftware.com/rs/377-PWR-208/images/5Ways_To_Cut_Spending_On_SAP_Software_en_aug.pdf?aliId=12824339