Stop Overpaying, Take Control of SAP Licensing and Only Pay for What You Actually Use

May 29, 2019

Darren Wilensky | Product Manager | Ivanti

Mareike Fondufe | Ivanti

The SAP® licensing model is complex. Without realizing it, you might be significantly overpaying for your SAP® ERP, SAP® ECC or SAP® S/4 HANA licenses.

  • Stop overpaying for misclassified professional user licenses you don’t really need.
  • Stop risking unauthorized access to SAP data from indirect access users
  • Stop only managing user licenses, but not optimizing software engine licensing
  • Stop paying for dormant licenses and purchasing additional licenses when you could be reallocating licenses to new users

Whatever it may be, make sure you have a handle on your SAP licensing before having to submit your next annual SAP License Administration Workbench (SLAW) report to SAP.  We can help you take the guesswork out of SAP license classification while delivering the deep insights you as SAP administrator need to prevent indirect access usage and unauthorized data consumption. Take back control. Save your webinar spot today!


Maraca: Today's webinar, "Take Control of SAP Licensing and Only Pay for What You Actually Use." Thank you for joining us today. Please note that your lines are currently muted. But in case you have any questions that come up, please send us these using the Q&A windows here in WebEx. Darren Wilensky will be taking you through today's session. And Darren is our Senior Product Manager here at Avanti for our ITXM solutions. And Darren has over 20 years of experience with software asset management and the wider ITAM solution portfolio. Welcome, Darren.

Darren: Thanks, Maraca [SP]. And thanks, everyone for joining. So today we're going to talk about SAP licensing, some of the challenges that go with that. We'll also talk about Ivanti's offering, Optimizer for SAP. We'll talk about some of the key benefits. And then we'll leave some time for question and answers. So let's just jump right to it.

So what are some common SAP challenges? Well, some think SAP is probably the most complex vendor out there in terms of understanding your compliance and how things are licensed. They have several different licensing models. There's things like indirect access. There's different users and how things get consolidated and grouped. And it's quite challenging to manually understand, you know, where you stand in terms of your license compliance. SAP audits are usually very intrusive and very frequent compared to other vendors. They have a large revenue stream coming from audits. Typically, they've been seen as one of the more aggressive vendors out there in terms of auditing you.

The risks of not being compliant for SAP are quite high. This is for a number of reasons. You know, the most common is indirect access, and this is something that I believe started about six years ago or so that SAP started to force you to be licensed for accessing their system through a back end channel, through an API, or really anything causing a transaction or what they considered a transaction to be licensed for that. So it's very easy to not be compliant. As well as they have open architecture of the system. You know, they have different user types for their licenses, which we'll get into. But a lot of times in SAP solution, you're able to access more than you would think. They don't stop you in some ways.

So you can very easily fall out of compliance even if you are allocating the licenses you purchased to users, and they start going outside of where they should be. And because of those last two things, the risk of not just being not compliant is high. But, you know, in terms of being, using a lot of, or not using a lot of things and having a lot of waste is something we typically see. And SAP themselves, they usually look at something called the LAW Report to see where you stand in terms of your license position, and it's a really an unoptimized, unnormalized report. So they don't do anything to help you understand if you have one user with 57 accounts, who's logged into different systems to say, "Hey, this is just one user. You only need one license." What they'll do is show you, "Hey, you need 57 licenses because we're not going to do any consolidation."

And so typically, on any SAP footprint, any environment, if you've never gone through any type of optimization exercise, you will find waste. You will find savings, just on user licenses alone. At least that's what I've seen over the years. And typically, it could be very high. I mean, I've seen some cost savings, you know, in the millions of dollars, from initial analysis and optimization. So these are some of the typical challenges we see there. Obviously, there's others, but these are probably the most common.

So, SAP has been known to sue their customers. There have been a couple of high profile cases the past couple of years. The one that sticks out to me is I believe is 2017. They sued Anheuser Busch for $600 million. They settled out of court. So when you think about the amount of money that resulted in because they were not compliant and had to go through this process, you know, not only was it hurt them financially, but this was all over the news.

So, you know, reputationally, they took a hit there as well. You know, when I think about $600 million, I have to assume, you know, many people probably lost their jobs. There are a lot of things they weren't able to pursue because that money is now spent just to pay off a lawsuit because they were not compliant with SAP. So, you know, they're not afraid to go after their customers. As we said before, they're a quite aggressive vendor.

So there's different parts of SAP licensing. You know, there's the typical user licensing. So you may have a professional user, a limited user, you know, just a standard user, which, you know, you would set up and allocate this licensing, depending on someone's role in the company. There's also what's called Software Engines. And these engines could be things like, you know, invoice system, HR, procurement, so a different type of you could say, modules, engines or license on that.

You may need a user license, but you also need engines to be licensed, and what your users are accessing and using. And typically the engines are licensed more based on kind of a resource value. So it could be in terms of pay slips or a payroll module. It could be licensed by the number of payrolls slips you create in a month or a year, or whatever the metric may be. It could be very specific to whatever is in your SAP contract.

So you also could have a metric that's based on, you know, number of sales. So if you know, if you make X amount of revenue, you might be charged this amount. And it really...the metrics really differ. And it could be very different for different organizations. So it's a little's not as straightforward as just a standard user-based license or device-based license or something like that. So that's the second type of licensing in SAP.

And then finally, indirect access. This is the one that's really challenging to get a handle of manually. You really need some piece of technology in place to monitor your different SAP clients that are rolled out across your estate and understand, you know, what's happening to them. And it really requires thorough interrogation of the log files to see what transactions, what's connected, and then after doing that analysis, you kind of understand position of indirect access, which is something that's really challenging to do without the help of technology. So as you can see, you know, there's three different license types, parts that are licensing. And you need all to be aware of all three. It's not that you could just be keeping track of your user licensing because all three come into play.

So we've put together a kind of a high-level seven-step process for how to optimize your SAP investment. So we'll go into detail in each of these just after this. So just at a high level, you know, start off understanding really the current state. You know, do you have, you know, 20 SAP clients across the estate? Do you have 50, 100, maybe just two, and just understanding what your user list, how many users you have, what engines you're using. And then you find opportunities for optimization and reductions. So you may find that you have a system administrator who, over the years, has created, you know, 20 accounts, but it's really all the same person.

But because you've not consolidated it, and they've used different logins, when SAP comes to audit you, they're going to see 20 accounts and count that as 20 different people who need 20 licenses. So just finding places to be able to group those together, as well as if you have engines, you know, you're not using or, you know, you have licenses for more than you need, things like that. So just find those opportunities.

Next, we want to look at, you know, tracking your indirect access, however, you're going to do that. I personally don't know how it would be done without some technology because you really have to keep an eye on the log files and kind of go through them on a daily basis. And so that's quite challenging without the help of some technology. So, you know, monitor your indirect access. Monitor your software engines.

Again, if you're going above the threshold or well below that you don't need to keep paying maintenance on something, you know, you can get rid of. And then step six, you will be able to make sure you're prepared for audits, so the ability to any point in time be able to say, "These are the licenses I'm using. This is how I'm using them," and be able to show that.

And then finally, as you get more mature with your processes, be able to have an ongoing policy. So you can have methodology around new users coming into your SAP, how a license gets assigned, how a license gets reclaimed, and have those, you know, have a true policy, that you're able to implement so you're no longer having to do a lot of optimization. It's happening at the time. A license is either handed out or reclaimed.

So looking at step one, we're talking about looking at the current state. We have a product called Ivanti Optimizer for SAP. It's a non-intrusive installation. It's something that has able to show you your SAP usage through a graphical and statistical presentation. So you can clearly see here are all the users. Here all the licenses being used. Here's the usage. You can put in rules, do things like grouping users in different ways. So we automatically can take criteria, blah, blah, blah and say, "Okay, I know these users are the same person because they have the same email address or they have the same first, last name and ID number."

So there are rules out of the box, as well as customization to do things like that, which is a very powerful feature. That could really save you a lot of money right away. It's not an exercise you've gone through because, as you know, in any system, you know, accounts get duplicated. Accounts get created over and over. Unless you can enforce a standard, you know, login creation policy, then you're going to have waste there. So that's step one. Number two is really looking at your current licensing. So things like the amount of usage activity. You know, how long has someone been using a specific engine? You know, the type of usage. Do you have a user who's really only been accessing the HRM engine, but you're paying for, you know, a professional license for, you know, across multiple engines?

So actually looking at the user's actual activities, and what transactions have they made. What period of time? You know, maybe you have custom definitions where you've mapped your accounts to SAP accounts and understanding what that means, what you're liable for. So really being able to see what's going on through different methods gives you a lot more visibility and allows you to be much more strategic of what direction you want to go in terms of do you need to purchase more licenses or do you need to pull back and stop paying maintenance on things you're not really using, you know, as well as finding users may have a much higher, more expensive license than are needed for their role.

So things like we were just talking about, you know, identifying places for optimization and reductions. So being able to quickly identify what's not being used, what are some, you know, unused dormant licenses. Maybe I have, you know, 20 users in the system I see, but only two people are actually active in the past month, finding licenses with low usage. So maybe I do have two users, those two users, one user only, you know, logged in once and they've accessed one engine. Yet, you know, I'm paying for five engines and professional licenses for both. Finding things like duplicate licenses, misclassified test accounts. So in many cases, there's different activities we're going to do throughout the organization, and perhaps I created some test accounts were created to do that testing and we, you know, never removed or deleted. You know, again, I want to understand that so I can remove them so I'm not liable for a license if I get audited.

So these are all different places where I can find some savings and opportunity. So number four, track indirect access. So being able to identify remote function calls to internal SAP resources and understand what was happening. So, you know, maybe I have a system who's making calls to the invoice system and creating payroll slips through the back end that I didn't realize. So I'm only looking at reports for how many payroll slips were created by, you know, the users in the system. But at the same time, I have this back end process that's generating additional payroll slips.

And when I get audited, they're going to take the combination of the total and I didn't realize that. The problem with this is, is if you don't have that account system set up as, "Hey, this is a back end system that's making this call and it only requires this license," then SAP will say, "You have to be licensed for a professional," which is the most expensive, which could be the difference between them paying $500, you know, paying $5,000. So if you can't show which user was assigned to what license, they just automatically assume you need a professional license.

So the nice thing about Optimizer for SAP is it also can not only track this information for indirect access, provide the reporting, but also, you know, you can set up alerts to understand if I have a new point of...a new indirect access or other access that's not documented in the system. So I can be alerted anytime something comes up so I can quickly investigate that and see if it's something legitimate that you access in the system.

So step five, monitoring software engines. So, you know, we want to make sure that we're identifying all the engines that we're paying for, all the engines that are being used and make sure they're being used appropriately. So, you know, if I have a contract with SAP and, you know, I have paid for the invoice payroll system, and I'm paying, you know, for 100,000 payslips per month because typically the engines are, you know, licensed by certain resource value. So, if I'm paying for 100,000 per month, on average, I'm only producing 10,000, well, I'm paying a lot of additional money, 10-fold that I really need.

So again, when it comes to the actual Optimizer for SAP, alerts could be set up again, for engines that if I'm coming close to a threshold for an engine, I can be alerted. That way, I can now take some action to make sure I don't go over the allotted amount. Perhaps I stop generating payroll slips in that system and take some other action for payroll until the month is over or whenever the data, the threshold is re-reset. So being able to be alerted for those things is quite powerful. It really helps you stay in compliance.

So number six on the list was preparation for audits. So understanding, you know, where you sit in terms of your license position for SAP is a valuable thing. So any given point in time, not only are you prepared for an offer from SAP, but you're prepared internally. So the tool gives you detailed reports around exactly what your usage is. You know, you can break it down per user. You could break it down per business unit or department or cost center, and have that optimized information, as well as detailed log changes. So, you know, all the information is there. There are a lot of different reports out of the box. You can create customized reports if you need. But really everything has already been... You can really leverage the reports that are already there. You really don't need to. You know, if you do need to they're there but you really can leverage the out-of-the-box reports.

And then finally, number seven, being able to have a regulated onboarding, offboarding process. So when you have a new user, you're able to automatically match them with the appropriate license type, you know, having a very clear licensing policy of who can get a license, what they're able to access, what type of license, you know, have auditing every...have some cadence of auditing, being able to periodically, you know, remove and reclaim licenses and engines from maybe not using or have been duplicated. So, you know having... When you get to this step, you really have a much more mature way of handling your SAP licensing and controlling, you know, who's accessing and doing things and the different clients.

So immediate savings. As I was saying before, you know, if you've not gone through a true optimization exercise with SAP, I'm very confident you'll be able to find much, much of the savings through a lot of these things mentioned here. So, you know, just identifying duplicate users based on some grouping. So, you know, there's all these duplicate accounts in the system. An SAP does no optimization whatsoever. They basically just collect all the client information from all the different SAP clients. They run what's called a LAW Report, which stands for licensable action workbench, I believe, and they spin out that report with no optimization. And that's what they hold you accountable for.

So just identifying duplicate accounts that's really the same users saves you tons of money. Being able to identify users with low activity or low usage, you know, can save you lots and lots of money. You know, typically we find, you know, many users only need a lower end account or a limited account. Very few actually need a professional license, which is the most expensive, by far that SAP offers. Yet, if you're not able to identify that to SAP, then they just charge you for that license. There's tons of savings on matching up the appropriate user license types, consolidating user accounts, as well as understanding your indirect access. So if you can go back to SAP and prove, you know, "Hey, there's a system that's been connecting but it's not been doing any transactions," you know, you're not liable for that.

So you just have a lot of protection, a lot of savings, right out of the box. This is not something that takes weeks and weeks to get to this point. I mean, this data gets brought in a matter of days. You can identify lots and lots of savings. So there's really no doubt you will save money right off the bat. So besides saving money, you know, there's also just the ongoing, the initial savings, and then there's the ongoing optimization. So as we were talking about, before going through the seven-step process, to get to the more mature way of handling your licensing, you know, in the tool, it's able to take a lot of those things into consideration and make recommendations. You know, it helps you classify your users to the correct SAP license type.

So you can have your own custom definitions of, you know, you may have 30 different roles in your organization that, you know, SAP only has really, you know, a handful of license types. But there's a way to match rule to what license type is really needed. And so you're able to really optimize that process not having to go through and do this each time but just build rules of what role should have what type of license. And really just it gives you that that visibility and again, allow you to be strategic, allow you to really automate and not to spend as much time when a new person comes in. What license should they have? What should they be accessing? You kind of can build that out. So really helping you be prepared with real data.

So when talking about security, you know, you have...when you have a product like Optimizer for SAP, you're constantly getting data in and you're constantly continuously being compliant or understanding where you sit in terms of compliance. So you're quickly able to identify new users, able to classify them to what type of license they should have, what they should be able to access. You know, once you have a policy in place, you're able to enforce that policy for as long as you need. You're able to track through the estate of what licensing is happening, what uses is happening, and then be able to take action on those things. So you have continuous optimization and compliance as a tool is constantly refreshed with data. So you always understand where you stand and what changes you can make.

So when we look at the Ivanti ITAM portfolio, Optimizer for SAP sits in the ITAM stack. We have several products. We have Asset Manager, which is a full asset lifecycle products of being able to manage assets from cradle to grave. We also have License Optimizer, which was our software compliance tool, which really, it's more geared towards on-prem. You can manage cloud, as well. And then because SAP is so different, and because you have to connect to the SAP clients, you know, Optimizer for SAP is a separate offering. And so it's a bit different from License Optimizer.

License Optimizer is a software compliance tool that really just is a consumer of data. It's not going out. It's not doing discovery. It's not doing endpoint management. It's just consuming all the data from inventory from procurement, you know, getting your entitlements and then being able to tell you where you stand in terms of effective license position. SAP is a bit different because we do have to...we need technology to connect to all the SAP clients to translate their logs, to understand and direct access. And so that is why it is a separate offering just because of how complex and different SAP is from other vendors out there. And then finally, in the ITAM portfolio, we have Data Center Discovery, which is our data center Asian list discovery solution.

So, Ivanti Optimizer for SAP really helps you, you know, solve your SAP licensing challenges. So these are some of the questions that it helps you answer. So if you're asking yourself how many, you know, SAP licenses do I really need each year? You know, what license types best match what users actual behavior? Which user accounts are not really being used or duplicated, or maybe incorrectly classified? How you can track indirect access, which is something that I think challenges everyone. And then how can you monitor SAP engines?

So if these are questions that you ask yourself this is something that Optimizer for SAP can help you answer. And I can tell you without the help of a tool, SAP is really a burden, really challenging to optimize and it really leaves you vulnerable to those audits. So whether it's our solution or another solution, really to truly optimize your SAP investment requires some technology. So if you answered yes to any of these questions, you need help with, this is something that, you know, we could definitely help you with and something Ivanti Optimizer for SAP could help you with. And that was it. So thank you, everyone. We'll open it up to questions.

Maraca: Thank you, Darren. There was a question around the material. So we will definitely provide you with the recording from today, as well as the slide deck. I'm looking through other questions. I think Wilder will follow up with your specific question separately. So expect an email from us shortly on that. I don't see any other questions coming through right now. So I think we are at the end, I guess we don't just optimize your license positioning for you, but also your time today. So giving back time to you today, I think that's all worthwhile. So thank you all for joining us today. And stay tuned for other webinars coming up shortly around ITAM as well and also [inaudible 00:29:14]. Thank you and have a great rest of your day. Bye.