
How Accurate is the Certero Article on Software Audits?

 What This Article Covers

  • An Analysis of Certero’s Web Article Accuracy on SAP Software Audits
  • Virtualization
  • Monitoring Usage
  • Indirect Access


Part of what we do at Brightwork Research & Analysis is review the accuracy of the media output of IT entities. In this article, we will focus on Certero’s media output. Certero is a software vendor that offers software asset management (SAM) software.


Virtualization is a mature technology that can help you save money, time and carbon emissions. Consequently, just about every major organization has adopted it in one form or another, somewhere on their IT estate.

But, there is a major issue with virtualization that many organizations overlook – the impact it has on your software licensing. Unless you are fully aware of these implications and are able to manage your license position, you could end up paying more for additional software licenses (and fines if the shortfall is discovered during a vendor audit) than you saved through virtualizing in the first place.

That is quite true. In fact, a major motivation for virtualization was to save money on software licenses. However, eventually the software vendors became savvy to virtualization and they changed their license terms to account for it. This greatly reduced the incentives to virtualize as the potential software cost reductions were always greater than the hardware cost reductions.

And vendors do know how to audit and determine penalties on their software when virtualized.

Monitoring Usage

Dependent on the terms of your license grant, the need to measure the usage of your software could be important in ascertaining whether you are compliant and also what you have to pay. Certain software vendors, like SAP and Oracle, charge for software based on metrics that can be unique to your business. For example, if you are a car manufacturer, the metric could be based on the number of cars you have built.

Yes, that is also true. And SAP and Oracle, as well as other vendors, differ from each other too.

Indirect Access

As if the licensing agreements of the likes of Oracle, SAP and Microsoft were not complicated enough already, many user organizations fall foul of something called indirect usage and end up owing significant amounts as a result of licensing non-compliance.

Indirect usage, indirect access, or multiplexing as it is sometimes called, is where your software (be it Oracle, SAP, Microsoft etc.) is accessed indirectly by a non-named third party, which can either be a person or machine. For example, an organisation has created a system that allows all their employees to enter their expenses. That system then sends all that employee expense information to a second system using a single named user account.


Key to getting to grips with indirect access is the ability to correctly classify users of your software as direct or indirect and so make sure they are given the correct license type. Identifying indirect access can be tricky without the help of an automated monitoring tool.

This is also another way of describing usage monitoring, which is what SAM software does.

However, there are tell-tale signs that make indirect access easier to spot. These include things like a user accessing a system all day long (no human user would do that) or a very large volume of work processed within a set period by one user (again, no human could conceivably process such a volume within that time).

That makes a lot of sense.
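
The two tell-tale signs quoted above (an account active around the clock, and a volume of work no person could process in the time) can be checked mechanically against access logs. The following is an added example, not code from Certero or from this article; the log format, the account names and both thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Assumed thresholds (not from the article); tune them to your own estate.
MAX_ACTIVE_HOURS = 16     # distinct hours per day a person plausibly works
MAX_TXNS_PER_HOUR = 500   # transactions one person could plausibly post per hour

# Constructed sample records: (ISO timestamp, account, transactions posted).
SAMPLE_LOG = (
    [(f"2024-03-04T{h:02d}:15:00", "EXPENSE_IF", 40) for h in range(24)]
    + [(f"2024-03-04T{h:02d}:30:00", "JSMITH", 12) for h in range(9, 17)]
    + [("2024-03-04T02:00:00", "BATCH_LOAD", 5000)]
)


def classify_accounts(records, max_hours=MAX_ACTIVE_HOURS, max_rate=MAX_TXNS_PER_HOUR):
    """Return {account: [reasons]} for accounts showing either tell-tale sign."""
    hours = defaultdict(set)    # (account, date) -> distinct hours with activity
    volume = defaultdict(int)   # (account, date, hour) -> transactions posted
    for ts, account, txns in records:
        t = datetime.fromisoformat(ts)
        hours[(account, t.date())].add(t.hour)
        volume[(account, t.date(), t.hour)] += txns

    findings = defaultdict(list)
    # Sign 1: the account is active in more hours of a day than a person would be.
    for (account, day), active in sorted(hours.items()):
        if len(active) > max_hours:
            findings[account].append(f"{day}: active in {len(active)} of 24 hours")
    # Sign 2: the account posts more work in one hour than a person could.
    for (account, day, hour), total in sorted(volume.items()):
        if total > max_rate:
            findings[account].append(
                f"{day} {hour:02d}:00: {total} transactions in one hour"
            )
    return dict(findings)


if __name__ == "__main__":
    for account, reasons in classify_accounts(SAMPLE_LOG).items():
        print(account, "->", "; ".join(reasons))
```

An account flagged here is a candidate for review as indirect access, not a confirmed finding; the classification into direct or indirect still depends on the license terms.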

One way to avoid indirect access problems in the Oracle world, for example, is to license via processor, rather than Named User. Sadly, there is no such corresponding license in the SAP world, where you are limited to Named User.

The distinction that I would want to be drawn here is that SAP enforces indirect access quite a bit differently than Oracle. SAP is the only vendor I have yet observed charge for what I have called Type 2 indirect access.


This article by Certero earns a Brightwork Accuracy Score of 9.5 out of 10. There is nothing inaccurate in the article, and the only area that could be adjusted is adding some specificity.


Software audits: What can go wrong – 2?