Knowing what you have is a start
Our client had a list of software. Every time anyone wanted to install software, it first had to go through a process to ensure it is appropriate and safe to use. However, when they approached us to do a review of their software use, we knew there was a challenge ahead.
Firstly, there was no clear indication of what was installed and where. Secondly, there was no tracking of licences or editions of free software, or who was using it. There was enterprise agreements in place where they were available, but on the whole single licenses were used.
All types of software were in use, and there were many overlaps. One example were graphic editing software. Some users had a fully licenced product, while other were using personal favourites, some of which were very old and needed special handling.
We needed a policy
The process seemed fine, but it was the lack of control which was the issue. Anyone could request the importing of any software, and this had lead to bloating of the software catalogue. Multiple software, different vendors, all doing the same basic functions, coupled with different version from the same vendor, made it difficult to keep track of anything.
Even the catalogue was a confusion. Different staff with different ideas had made entries which had different titles, but were in fact the same software. We decided there needed to not just a policy that covers the usage, but how to complete and use the software catalogue.
Complex subject, simple policy
We started by categorising software based on its licensing model, then by its functions, finally by version. This gave us a chance to see what is in use. This ordering formed part of the policy. Next, the naming convention was defined and applied to the catalogue. By this time, the catalogue has shrank to a more manageable size.
What we also discovered is when software is needed, it was possible to select an old version and there was nothing stopping the deployment. Not all software was available through automated processes, which was why there was such confusion about what was installed where. The policy had to cater for proper use, correct licensing, and encourage automated delivery.
While we had to cater for the management of the catalogue, we also needed to ensure the software was used properly too. We set about working out what was in the software library to balance it with the software catalogue. The policy would state the latest version shall be used to prevent problems with support and to bring it in line with some usage conditions.
Software was wrapped for automatic delivery where possible, and larger software packaged for delivery through the CI/CD pipeline.
Carrying on from where we left the catalogue was a simple matter for the staff to follow. The client was very pleased they now had a handle on their software, the right versions in the right places, meant they could begin a rollout of the latest versions.