License management tools use hardware and software inventory data to calculate a license position for each entitlement. Before this data can be effectively used, it needs to be filtered and normalized. On an average computer, dozens of software titles are found from the hardware drivers to applications used by end users. From a license management perspective, only a few of these software titles carry a commercial license that requires monitoring of the license compliance position and management of the software contracts between the organization and resellers. The identification of these titles is performed using an Application Recognition Library.
Inventory data comes from discovery, inventory, usage monitoring, and configuration management tools that capture way more information than needed. As discussed in a blog last month, the raw inventory for each device consists in thousands of executables and dlls, hundreds of registry entries, ISO 19770-2 tags, package signatures, file contents and other evidence types. This data is filtered and translated into proper software titles using rules provided by the Application Recognition Library. Some of these rules can be very simple, for instance when a unique evidence type enables the identification of a software title. Many are extremely complex as they involve the detailed analysis of multiple evidence types (file header, file content, registry entry…) to identify properly not only the software product title, but also the version and edition.
The Application Recognition Library rules are also used to identify software bundles and product suites. Additional complexity crops up due to the abundance of software patches and fixes from publishers that create many variations of the same evidence type and the lack of normalization from publishers. For instance it is not uncommon to find the publisher name in packages or file headers written in different ways due to lack of standards on the publisher side or simply typos from developers. Another important feature of the Application Recognition Library is the capacity to attach software usage data to a software title. Usage data is sometimes the only means for software identification, but is also used by the license management tools to reclaim unused licenses.
An Application Recognition Library must be constantly updated. New products, new product releases, patches, and fixes are published every day and require new recognition rules or adjustments to existing ones. Events such as product rebranding or mergers and acquisitions across software publishers must be accounted for. There is always a delay between a software publication and the update or creation of recognition rules, but the more frequently the library can be updated and published, the better. Organizations must also be able to add their own rules for unrecognized (e.g. custom/bespoke) applications and share this data with the library provider. Once the new rule has been added by the library provider, a process capable of reconciling the local rule created by the organization and the rule from the Application Recognition Library is needed.
In many organizations, applications are repackaged before being distributed. During this operation, evidence types provided by the publisher are often altered, impacting the capacity of the Application Recognition Library to identify the software title. For instance, the name of the publisher or the description of the software title is replaced by an internal standard name, to differentiate publisher from organization packages. Only solutions able to manage both re-packaging and application recognition (i.e. as part of a broader license management solution) are able to provide an automated solution to this problem. During the repackaging process, a mapping between original publisher data and organization specific one can be recorded and made available to the Application Recognition Library.
Many Application Recognition Library publishers will claim to recognize hundreds of thousands of software titles. But, the numbers vary according to what is counted, from evidence types to software title sub-versions to products, versions and editions. Most libraries offer coverage for a large number of software titles and are able to distinguish commercial applications requiring license management from others. Only a few offer the features able to address all the problems and processes mentioned above related to on-site custom recognition rules and repackaging.
Learn more about discovery, inventory and application recognition by viewing our on-demand webinar.