Fairview Health Services is an award-winning, non-profit organization providing health care services based in Minneapolis. At the end of last year, after it informed Quest that it would not be renewing support for its Active Roles licenses, Quest ran a software audit.
Here is the first SAM Lesson to be learnt already: Make sure your ducks are in a row before making sizable changes to your software licensing.
Quest found Fairview to be under-licensed to the tune of +69,000 licenses, equating to +$4,000,000. Figures Fairview dispute.
Fairview originally purchased 18,1010 Active Roles licenses some 15 years ago, purchasing more as needed since. At the time of audit, it had a total of 38,081 licenses with the most recent Software Transaction Agreement (STA) stipulating that maintenance services are “subject to the terms of the agreement under which the licenses covered by the Maintenance Services were purchased”. But as the bulk of the licenses were not purchased under this most recent STA, Fairview argues that the original Software Licensing Agreement (SLA) is applicable for those licenses.
Quest, however, argues that when Fairview updated to the latest version of Active Roles, it selected a “click to accept” agreement:
“If Customer’s deployment of the Software or, if applicable, use of the SaaS Software is found to be greater than its purchased entitlement to such Software, Customer will be invoiced for the over-deployed quantities at Dell’s then current list price plus the applicable Maintenance Services and applicable over-deployment fees”.
Quest’s audit process meant direct access to Fairview’s data
Quest was permitted to run its scripts directly on Fairview’s infrastructure, and included any user account with access to Active Roles in its count, disregarding whether or not that access was actually utilized. Fairview therefore claims the fine is “an inflated demand for payment of over-deployment fees” and is due to the tool drastically over estimating deployment of Active Roles.
Here lies our next SAM Lesson: If you are granting the vendor direct access to your software licensing data, make sure you understand the tools being used.
Fairview employs fewer than 35,000 staff, yet Quest’s scan of Fairview’s infrastructure found 107,145 user accounts. And this obviously calls their definition of “user accounts” into question. According to the latest STA:
“Enabled User Accounts are all the user accounts in the domain(s) to be managed by the Software, including, but not limited to, users’ logon accounts, secondary accounts tied to users, administrative accounts, service accounts, test accounts, and iNetOrgPerson objects.”
The original SLA excluded test and development accounts, and neither the SLA nor the STA defines what “managed by the Software” means. Quest’s report included four domains, two of which are test and development accounts, and Fairview claims Quest is using the ambiguity around “managed by the Software” to its advantage. Based on the language in the licensing terms, Fairview assumed the software had to be actively in use in order for a license to be required.
SAM Lesson number three: Make sure you fully understand the language and terminology used to outline the terms in your software licensing agreement.
Fairview’s Quest software audit in court
The courts will need to decide which version of the contract is applicable to which software licenses, which accounts should be included in the audit at all, and whether over-deployment is the same as over-utilization.
The fact is, as organizations evolve, develop new processes, and adopt new technologies, the way in which software is accessed by employees’ changes. Ideally whenever software is purchased, the organization will review its software licensing terms to check for restrictions and permissions. There should be clarification around whether existing licenses are included in the new contract.
And here is our final SAM Lesson: When reviewing SLAs, you should include stakeholders from multiple departments; board members, procurement, IT, and legal.