Our Analysis of Snow Software’s Article on SAP’s LAW Transaction

Executive Summary

  • Snow Software makes the argument that the LAW transaction is more designed for SAP instead of customers.
  • We analyze the proposal that the LAW transaction is the only license transaction any customer needs.

Introduction

Snow Software published the white paper SAP’s License Administration Workbench is NOT a Software Asset Management or License.

In this article, we will analyze Snow Software’s white paper.

Article Quotations

Who Was the Law Transaction Designed For?

C-Level management is increasingly scrutinizing the trajectory of spending on legacy platforms across the enterprise such as SAP. They are evaluating SAP licensing optimization and management tools, processes and solutions as a means to tackle the escalating costs.

We have LAW, which is free from SAP, why would we need another tool? are often the first words coming from the SAP Administration team. The problem with this response is that SAP’s LAW (License Administration Workbench) is a measurement and reporting tool, not an optimization tool. LAW makes plenty of assumptions that favor SAP, and provides almost no insight into the efficiency of the licensing assignments and deployment. As a self-audit tool, its primary purpose is to provide a foundation from which SAP evaluates the potential for an additional true-up of license sales annually.

True, LAW is for SAP’s use. SAP misrepresents what the LAW transaction is to customers in their online technical documentation to give customers the impression that LAW is for the customer, when in fact, LAW is primarily for SAP.

Pretending LAW is SAM

SAP’s License Administration Workbench known as L-A-W is used as a tool to prepare audit data for SAP* to review. LAW collects and consolidates SAP license-relevant measurement data (users, engines, self-declaration products) for the component and central system.

System Administrators can get a more consolidated overview of the licenses provisioned and deployed. SAP uses LAW measurement data to bill customers when additional licensing is required. It’s important to note that LAW is NOT an optimization tool and does not indicate which users are inactive or over-licensed.

An SAP administrator at a large global enterprise commented recently that: LAW feeds SAP’s internal audit team of engineers, contract lawyers and salespeople with the data they need to escalate your charges every time.

That is a powerful assertion and one based as much on emotion as fact. But the passion does not belie the fact that SAP’s LAW tool and SAP-focused Software Asset Management/License Optimization solutions do very different things. Comparing the two is like comparing the proverbial apples and oranges.

This is all very true. But SAP does not want its customers to know anything about this.

How SAP Presents the LAW Transaction to Customers

SAP describes its License Administration Workbench (LAW) with precision: The License Administration Workbench (LAW) is a tool for the central consolidation of license audit data and supports you in the SAP license audit process for complex system landscapes. In particular, the LAW simplifies the classification, combination, and consolidation of data for users that work in multiple systems and clients.

As you can see, SAP itself has never tried to position LAW as anything other than a tool to aggregate audit data for contract compliance.

I see it a bit differently. It looks like SAP intends to obscure who the LAW is there to serve. If you read the SAP text, it makes it seem as if LAW is for the customer. It is natural for the customer to come to that conclusion. That is why the next comment is not at all surprising.

However, in meetings between CFOs, CIOs and SAP administrators, you will often hear SAP administrators say something along these lines: We have the SAP LAW tool to manage our SAP users, engines and license types, so we don’t need a Software Asset Management/License Optimization solution.
Does this assertion stand up to the facts?

Exactly. The explanation of LAW by SAP leads SAP customers to do precisely what SAP wants them to do, which is to not investigate SAM tools.

The SAP contract expressly requires the customer to provide the LAW data as part of the audit process. In most cases, if the company is unable to provide this data, it will permit SAP to connect to its SAP systems to collect the data.

That is not a good idea. Companies don’t want SAP anywhere near their systems. This is the problem with Solution Manager as well. Solution Manager, if set up correctly to do so, allows SAP to monitor your system.

SAP’s Self Centered Approach to “Compliance”

We do not dispute that SAP’s LAW is used to help monitor compliance. If the company has users out of compliance, SAP will detect this and come up with a renegotiated set of fees for the company to bring itself back into compliance with its contract.

Which will, in 100% of cases, be highly SAP centric with SAP taking maximum advantage of any customer that does not offer resistance.

But what the LAW tool does not do is provide data for the purpose of optimizing the number of named SAP users, optimizing access and use of engines in a deployment, or optimizing the roles and license types assigned to users.

LAW does not provide information to the customer that they need to use against SAP. That is by design.

SAP’s LAW is classified as an audit compliance tool and serves that exact purpose.

As I said, I don’t see that SAP is being clear about what LAW is designed.

The Idea that SAP Offers Everything You Need — Even the Software to Negotiate Against Them

The data collected and painstakingly merged is used by SAP’s internal audit team to determine the company’s compliance with its existing contracts and to set out the best strategy moving forward to optimize additional revenue from the customer. In this respect, the emotional outburst from the SAP administrator quoted in the introduction is a fair reflection of the truth.

Right. But also, there is something else at play.

This issue extends out to software far beyond SAM. IT departments that use SAP have an extreme bias against non SAP tools. The idea is that even if the SAP tool that is offered lacks what the other tool has, one should always go with SAP. I have dealt with this sentiment repeatedly in my consulting experience.

More than half of SAP’s annual revenue and more than 75% of its profits come from its installed base of customers and the annual maintenance fees flowing from those contracts. SAP, not unlike any other software vendor, has a clear purpose for the audit data provided by the LAW.

SAP is increasingly relying upon its support revenue because it is selling less of its core products. In a word, it is saturated in its customers, and many emerging areas in IT, like IoT and Big Data, have little to do with SAP or ERP systems generally.

SAM Being Designed for the Customer

The SAP user and usage data collected by the Snow Optimizer for SAP Software is substantially more comprehensive than the systems measurement data displayed by SAP’s LAW tool and can provide a substantially better picture of what usage is really happening across the company.

SAM software, unlike the LAW transaction, is designed for the customer.

How SAP Keeps the Licensing Information at an Aggregate Level

The License Administration Workbench does not provide a way to distinguish between a named user that logged into the system last week or two years ago, and is only focused on gathering (not analyzing or optimizing) audit-related data for future billing.

SAP does not want customers to optimizing its use of licenses.

SAP’s LAW software can consolidate licenses across multiple SAP systems into a consolidated view based on the logon name and a number of other fields. By default, it aggregates user licenses by the logon name. LAW does this for audit purposes and does not provide any detailed information or analysis to isolate, detect or correct unintended duplicate users in the system.

In this case, a higher level of aggregation suits SAP, so that is what LAW provides.

Duplicate users involve one actual user having more than one unique named SAP user login. There may be valid reasons why a user has been assigned multiple SAP licenses, but in many cases, this was not the original intent.

A simple example is if a woman changes her last name after marriage and is assigned a new SAP login name. Care must be taken to consolidate these two user names into one by ultimately retiring the original one.

Again, there will be a significant difference in the design of software if it is designed for the vendor to maximize their license draw from the account, versus intended for the customer and designed to minimize this draw. However, Snow’s examples here repeatedly show that the more detailed information provided by SAM software is more accurate.

Indirect Access and Snow

SAP’s LAW tool captures usage data which is analyzed by the SAP Audit team to determine if there is potentially indirect access activity occurring and if the enterprise is properly licensed for such activity. In most cases, the enterprise is not, and SAP will push for additional indirect license purchases which can add up to a meaningful cost.

The Snow Optimizer for SAP software collects the same usage data, and also looks to isolate potential indirect access violations. The difference is that with Snow Optimizer for SAP Software the company can (a) determine the exact source of the indirect access violation, and (b) be aware of it in advance of SAP and correct it ahead of the audit.

Brightwork publishes the most information on SAP indirect access. And indirect access is something that SAP (in our view) plans to increase in the future. Therefore, this functionality described by Snow is more important than ever.

The company may take licensing or programming action to address the compliance issues in advance of an on-site SAP visit. Companies should develop an architectural diagram of all applications and portals connecting to SAP that documents the inter-connection, the direction of the flow of information, and the number and type of users of the application.

Quite true.

Conclusion

This is a good quality article from Snow that brings up the knowledge level of the reader.

The Problem: Secrecy Around Indirect Access

Oracle, SAP and their consulting partners, ASUG, as well as the IT media entities all, have something in common. They don’t want indirect access understood. Media outlets like Diginomica are paid to distribute PR releases as articles, as we covered in the article SAP’s Recycled Indirect Access Damage Control for 2018. The intent is to lower SAP customers’ concern around indirect access so that indirect access is underestimated, as we covered in the article The Danger in Underestimating SAP Indirect Access.

The primary providers of information in the SAP space are all financially linked to SAP. SAP does not want indirect access understood, so these entities do as they are told by SAP. 

References

SAP’s License Administration Workbench is NOT a Software Asset Management or License, Snow Software.