Clean Inventory Data Contract Overview for Customers

Transcription

1 Clean Inventory Data Contract Overview for Customers This document provides an overview of the Clean Inventory Data Contract (CIDC), which is an Excel workbook that consolidates and formats your Microsoft software deployment and usage data. The CIDC is used to generate the Established Deployment Position (EDP) and Effective License Position (ELP) reports, which are deliverables provided by your Microsoft Software Asset Management (SAM) Partner at the completion of your Microsoft SAM Engagement. The workbook is named data contract because it is specifically formatted (schema, data types, and validations) to work with the WorkSpace. The WorkSpace is a platform designed to facilitate the collection and analysis of high quality data gathered for SAM Engagements through the use of three main components: The WorkSpace Companion App (WCA), the WorkSpace Step 1 site (accessible via WCA), and the main WorkSpace site. There are a few steps to completing a CIDC; the first is uploading your anonymized Artifacts 1 (raw data files) to the WorkSpace Step 1 site (accessible via WCA) to generate the Standard Report, Enterprise Report, Refinement Report, and Preliminary CIDC; the second is to review and refine the reports to ensure all necessary data has been gathered; and the final step is to manually complete the CIDC by adding or adjusting information that cannot be collected through data collection tools. Your partner will complete the majority of these steps, working with you to ensure the most accurate and complete representation of your IT environment. The Standard Report provides a snapshot of inventory coverage and identifies gaps in data collection; the Enterprise Report provides global and per product views and rich data visualization features which are more suitable for management and executive review and the Refinement Report enables you to add more information about your software deployments. All reports should be reviewed before downloading the Preliminary CIDC. Reviewing these reports first provides an opportunity to identify any additional data points that need to be collected. All reports require the WCA to restore Personal Identifiable Information (PII) so they can be reviewed in detail. To improve data coverage, your partner will use the Standard, Enterprise and Refinement reports to identify workstations and servers that may need to be scanned again, marked as out of scope, or categorized for a particular environment such as Production versus Non-Production. New data and information can be uploaded to the WorkSpace Step 1 site, as anonymized Artifacts, to generate a new set of updated reports for review again. Your partner should iterate the process of identifying gaps in coverage, collecting more data as needed, and refining the information until the coverage is as good as can reasonably be achieved. More details on these reports and how to use them effectively is described below. Page 1 31 January 2018

2 Generating Reports and Refining Inventory Results To obtain a full and clear picture of your deployment data, it is likely that data was collected from different and multiple data sources. There are scenarios where a specific computer system may be referenced by multiple data sources or multiple times by the same source. Additionally, different data sources can specify the same data points with different values (e.g. virtual host) and data points that tend to be specific to a certain type of data source (e.g. last logon time). To provide the optimal result, the WorkSpace synthesizes an inventory record for each computer system that factors in all the available information. Many factors are taken into consideration when establishing the unique set of machines and their properties, but in general, the most recently discovered data points are the values reflected in the report. When collecting data, the WCA formats the raw data into what are called Artifacts and anonymizes PII contained within those Artifacts. The process of anonymization enables the WorkSpace Step 1 site to consolidate and de-duplicate data even when your PII is obscured. The anonymized Artifacts are then uploaded to the WorkSpace Step 1 site to generate the Standard Report, Enterprise Report, Refinement Report, and Preliminary CIDC. Standard Report The Standard Report is an Excel workbook that includes a summary of your data completeness, enabling your partner to identify gaps and machine level details to pinpoint those gaps for further investigation. Scan Summary: In the Scan Summary worksheet shown here, you can see the coverage percentage and count for both servers and workstations. In this example, there are 87 total servers (according to Active Directory) but the data collection by machine was only successful for 78 servers resulting in an 89% success rate, and the workstation count is only indicating a 67% success rate. To find out more about failed or incomplete scans, the other worksheets in the Standard Report provide machine level and user level detail. While this report may not indicate exactly why the scan failed, it does provide enough information to identify which machines need further investigation. Inventory: The Inventory worksheet contains machine level data that can be filtered to narrow in on failed or incomplete scans, as well as pertinent information such as, machines marked as out of scope in columns named InScope and ScopeReason. If a workstation has not connected to the network in 90 or more days, it will be marked as out of scope on the Inventory worksheet and will not show in the Scan Summary. The default value of 90 days can be changed when your partner creates the Standard Report in the WorkSpace Step 1 site. For example, it can be amended to 30 or 45 days, or you can override the scope in the Refinement Report marking a machine in or out of scope regardless of the number of days it has not connected to the network. Page 2 31 January 2018

3 Users: The Users worksheet helps identify the user counts necessary for accurately calculating the number and kinds of Client Access Licenses (CALs) you need. It is also useful for reviewing user activity by domain using the Last Activity Date or Days Since Last Activity columns to identify any users still connecting to the network that should no longer have access, further enforcing cybersecurity policies. Server Worksheets (i.e., Windows Server Worksheet): These various server worksheets show detailed server information such as processor and core counts, host and guest mapping, clustering, and server product edition and version. In addition to using this report for data coverage, your partner can gain valuable insights about how to improve your overall IT management. For example, in addition to improving cybersecurity by reviewing user activity levels, as mentioned above, machine activity levels can help you identify ways to optimize workloads. Machines that are determined to be out-of-use based on having no activity for some time could be decommissioned. For machines with low activities levels you may be able to determine applications and data that can migrate to cloud backup storage or even a pay as you go model, rather than continuing to support them on-premises. Enterprise Report The Enterprise Report is an Excel workbook that includes a series of 25 reports which provides a global and per product view of the collected inventory using rich data visualization features. Scan Report: This tab contains the same information as the Scan Summary tab of the Standard Report. Customers and partners can have a view of coverage and count for both servers and workstations. Page 3 31 January 2018

4 Deployment Summary and Deployment Report: These 2 tabs contain information of deployed quantities for Microsoft products. The Deployment Summary tab presents an easy to visualize way of deployed data, where information for servers and workstations are displayed in 3 groups: machines, operating systems and applications. The Deployment Report contains a view of all inventoried data. Windows Workstation Summary and Windows Server Summary: These worksheets contain a nice view for deployed quantities for Windows Workstations and Servers. For both worksheets, information is categorized by physical, hypervisor hosts, virtual machines and unknown (uncategorized). Page 4 31 January 2018

5 Hypervisor Summary and Hypervisor Report: These 2 tabs contain information related to virtual hosts and clusters. The Hypervisor Summary tab presents an overview of processor and core counts for hypervisor hosts. The Hypervisor Report is a detailed view of the Hypervisor Summary tab. Windows Server Detail: This worksheet shows detailed server information such as processor and core counts, host and guest mapping, clustering, and server product edition and version. Page 5 31 January 2018

6 Users: The Users worksheet helps identify the user counts necessary for accurately calculating the number and kinds of Client Access Licenses (CALs) you need. It is also useful for reviewing user activity by domain using the Last Activity Date or Days Since Last Activity columns to identify any users still connecting to the network that should no longer have access, further enforcing cybersecurity policies. In addition to the presented views, the Enterprise Report contains separated device views for the following products: SQL Server, SharePoint, Exchange, Lync, System Center, Dynamics CRM, BizTalk and Office. Refinement Report The Refinement Report is an Excel workbook that enables you to refine the data collected and fill in some of the information gaps so that your data coverage is complete and comprehensive. Notes that are added to the Refinement Report are carried over in later reports such as the CIDC and EDP to provide more information that may be needed further down the engagement process. Below are some examples of refinements that can be made by updating the Refinement Report and then uploading it again as an anonymized Artifact. Summary: This worksheet provides a high-level count of rows within the subsequent worksheets that should be reviewed and potentially updated along with instructions on what kinds of information can be adjusted. As changes are made on the other worksheets, the Summary worksheet will update accordingly. Page 6 31 January 2018

7 Workstations and Servers: These worksheets can be adjusted by indicating whether specific machines should stay in or out of scope. For example, it may be appropriate to exclude de-provisioned servers. Any machines believed to be valid and in-scope should also be refined as Physical or Virtual to ensure later license allocations are accurate, unless an additional data source will be used to target those machines. Partial OS and Non Microsoft: These worksheets include machine records for which the operating system record is incomplete, absent, or known to be from a publisher other than Microsoft. Virtual Hosts: This worksheet lists virtual machines where the virtual host is currently unknown. The name, number of physical processors, and number of physical cores for the host can be added so that the virtual machine is properly recognized and mapped later in the Preliminary CIDC. Completing this worksheet will also update the Standard Report to eliminate the unknown hosts section on each of the Server worksheets. SQL and Office Editions: In some cases, product edition detail for SQL and Office instances may not be captured during the data collection process. In this case, the edition should be added on the SQL Editions and Office Editions worksheets. Page 7 31 January 2018

8 Scope: Lastly, a complete list of machines discovered is available on the Scope worksheet, with their tool-assigned scope (in or out, based on activity and data collection status). Existing scope of any machine can be overwritten in the orange cells (moving in scope machines out, and the reverse). Machines already updated in the Workstations or Servers worksheets do not need to be handled again in the Scope worksheet. Once the Refinement Report is updated, it is anonymized and uploaded to the WorkSpace Step 1 site to generate another set of reports for review and a more accurate Preliminary CIDC. As mentioned earlier, your partner should iterate the process above to identify missing data, collect additional details as needed, and refine that information until the coverage is as good as can reasonably be achieved. Microsoft SAM Engagements require that data coverage must reach at least 90% for all devices. Manually Completing the CIDC After completing the above steps, the Preliminary CIDC can be downloaded for review and completion. Again, the WCA must be used to restore your PII. To manually complete the CIDC, your partner will work closely with you to add and verify information contained within the report. Completing the CIDC provides the WorkSpace site with guidance on how you are using your software deployments and other information that cannot be discovered via inventory tools. For example, whether a software deployment should map to a specific Licensing Model based on how it is being used, such as User versus Device CAL or a Processor versus Core License. The accuracy and completion of this information is critical to gaining the most value from your engagement as the final CIDC will be the basis for your EDP and ELP reports later. How to Complete the CIDC The first worksheet in the CIDC provides detailed instructions on what fields need to be reviewed and manually completed (also highlighted in yellow) throughout Worksheets A through G. These instructions include descriptions of the use of those fields and guidance on how to input the correct information. Page 8 31 January 2018

9 Worksheets A through G are broken out by common product groupings such as Hardware and Operating System, Client and Server Applications, Access Licensing, and User Subscription Licensing. These worksheets should be reviewed for accuracy and completed by following the specific steps outlined in the Instructions worksheet. There are several scenarios that may need to be reviewed and considered when making modifications to the CIDC. Here are just a few. Example modifications Scenarios If a physical server has four processors it requires two processor licenses, one for each dual-core processor. Therefore, the License Quantity Required would be updated from 1 to 2. License Quantity Required - A default value of 1 license per deployment is included but, in certain scenarios more licenses may be required. You may need to add required licenses for physical workstations accessing any Virtual Desktop Applications (VDAs) that may not have been discovered via inventory tools. When assigning licenses to a host, only 1 Datacenter license is required as it allows unlimited virtualization under that host. However, more than 1 Standard license maybe required depending on how many virtual servers are hosted. Effective License Quantity may need to be adjusted depending on your specific scenario. License Model Assigned - In certain scenarios, you may need to select between multiple and different license types. Depending on how users are accessing a server, here you can determine whether you need Device or User Access which will help match up the appropriate CALs later in your ELP. License Program Group Assigned - Used to differentiate between licenses that would typically appear in your MLS versus other license type such as OEM. Physical workstations or servers you've acquired should have come with an OEM license for the operating system. If you are not using your volume license agreement to upgrade to a newer operating system, then you would change this field to indicate you are using your original OEM license for these particular software deployments. Environment Type - Useful when determining whether MSDN licensing can be used. Depending on how you are using the software deployed, you may change the "Environment Type" from Production (default) to Development to leverage MSDN licensing. Page 9 31 January 2018

10 Additional Information Needed At least two additional reports are needed to complete your CIDC; a current Product and Program Definitions (Workspace_DomainData.xlsx) report and your latest Microsoft Licensing Statement (MLS). Your partner may also ask you for any other records and documentation that can aid in the completion of the CIDC. The Product and Program Definitions report is updated weekly and available for download by your partner from the WorkSpace site. This report is necessary for the completion of the CIDC as it contains details on the taxonomy (i.e., naming conventions) used within the WorkSpace site, such as License Product Family Names or License Product Family Version Names. If this information is entered incorrectly, then the CIDC may fail when uploaded to the WorkSpace site. In some cases, the upload may pass but the quality of the data loaded will be low or inaccurate resulting in timeconsuming rework. The MLS, which is provided by your SAM Engagement Manager, provides a detailed account of your Microsoft Volume License Agreements as well as the product licenses and Software Assurance (SA) benefits acquired under these agreements. This information is valuable when updating information in your CIDC such as which License Model you wish to use for specific deployments or whether you have SA benefits as part of one or more license agreements. To ensure accuracy, your partner should review the MLS with you to check whether all agreements are shown in your statement. Although you and your SAM Partner may refer to your MLS when completing the CIDC, it is important to review and add quantities and information into the CIDC based on actual software deployment and usage, not what licenses have been acquired through agreements. This ensures accurate reporting on how you should be licensing your software deployments versus how you are currently licensed. Uploading the Completed CIDC After the correct values have been entered, the Completed CIDC is encrypted using the WCA. This process ensures that your PII is not accessible to Microsoft or anyone in transit. 3 After encrypting the CIDC, your partner will upload the Completed CIDC to the main WorkSpace site, and continue on with the next steps of the engagement. If the CIDC fails to upload, a warning is shown and a CIDC Error Report is provided to help guide you and your partner through the necessary changes to successfully complete the CIDC report. The Error Report contains inline error reporting made directly to the CIDC report. When you or your partner open the Error Report, you will notice the spreadsheet looks identical to the CIDC file that you attempted to upload. The difference is that the Error Report has highlighted all of the cells that have caused a validation error to occur. The description of errors can be found in the Error(s) Description column added to the far right of the original columns in each of the worksheets where errors have occurred. The data set within the Error Report is still protected with PII encryption and file level protection, both of which should be removed prior to making edits to the report. For more information on all of the SAM Engagement deliverables, consult with your SAM Partner. For more details on the data collection process, anonymization, and encryption, ask your partner to provide the WorkSpace Companion App Overview and the Software Asset Management (SAM) Engagement Data Usage and Privacy Information documents. Page January 2018