Assets Add Up; But Asset Software Sometimes Doesn'tBy John Parkinson
This is not a huge company, but it operates in quite a few countries and in every state in the U.S., so it has a widely distributed asset base.
It owns software that should, in theory, be able to keep track of its technology configuration, but the products that do this are complex and hard to get installed and running smoothlyand somehow the installation process had never been a priority for IT operations. Enter a new CIO and some new executive management, and now it is a priority. So the CIO asked me to help them do some initial discovery work and come up with a plan.
There are lots of good tools available to "discover" what you have installed on your corporate network, especially if you have an all-IP environment.
(If you don't, it's a little more challenging, but not impossible, as long as you don't use any of the highly proprietary and non-mainstream protocol sets that used to be common in corporate IT.)
With a little work, and some careful preparation to make sure the tools can fit in with the security environment, you can find just about everything in the hardware asset base, and most of the OEM and Independent Software Vendor software.
You won't find all the "shelfware" that's lying around, and you won't necessarily find all of the licenses you own, only those you are using when you do the scan. Generally, I go look for data on this in the financial systemsyou're probably paying for support and maintenance on everything, so there will be entries in a payables account somewhere. That, plus a manual review of a few contracts, and we should be able to tie up the loose ends. So armed with a few good tools, off we went to see what we could find.
Remember, this company isn't hugebut it surely turned out to have a lot of technology scattered around. The IP address scan (actually a mixture of Static IP addresses and a count of Dynamic Host Configuration Protocol leases, of course) turned up tens of thousands of "devices" on several subnets, plus some things that were clearly Network Address Translation gateways that shouldn't have been there.
We also discovered that the device "population" was moderately dynamic: About a third of the devices moved on and off the network on a regular basis.
This is one of the challenges with DHCP. If you have a lease turnover policyand you shouldhow do you know that it's the same device when a lease changes? Correlating device presence with device identity is the job of the configuration management systemthe one the client didn't have. So we ran the scan continuously for a week, analyzed some router and server log files and came up with what we though was the total connection list.
Even that showed quite a lot of movement. New devices showed up. Identified devices went away. Some devices for which we had asset records never appeared. Lots of devices appeared for which we had no asset record at all. The CIO was not amused. The CFO was really not amused. And if we thought the hardware picture was overly "fluid," the software license picture was even worse.
Trouble is, there is no simple solution for this. There does not seem to be a straightforward way to set up and operate an auto-discovery, auto-registration, auto-lifecycle management environment that can reliably keep track of all IT assets across a widely distributed network.
With more and more of the business's IT assets being mobilenotebooks, PDAs and VoIP phones among themkeeping track of where everything is and what it's being used for is becoming critical. We need a better and more cost-effective answer.
The next phase of work will be to try and figure out how to do this. I'll keep you all posted on what we come up with.