Page | 1 31 January 2018 1 WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2 Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3 The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main WorkSpace site to pass validation. Clean Inventory Data Contract Overview for Customers This document provides an overview of the Clean Inventory Data Contract (CIDC), which is an Excel workbook that consolidates and formats your Microsoft software deployment and usage data. The CIDC is used to generate the Established Deployment Position (EDP) and Effective License Position (ELP) reports, which are deliverables provided by your Microsoft Software Asset Management (SAM) Partner at the completion of your Microsoft SAM Engagement. The workbook is named “data contract” because it is specifically formatted (schema, data types, and validations) to work with the WorkSpace. The WorkSpace is a platform designed to facilitate the collection and analysis of high quality data gathered for SAM Engagements through the use of three main components: The WorkSpace Companion App (WCA), the WorkSpace Step 1 site (accessible via WCA), and the main WorkSpace site. There are a few steps to completing a CIDC; the first is uploading your anonymized Artifacts 1 (raw data files) to the WorkSpace Step 1 site (accessible via WCA) to generate the Standard Report, Enterprise Report, Refinement Report, and Preliminary CIDC; the second is to review and refine the reports to ensure all necessary data has been gathered; and the final step is to manually complete the CIDC by adding or adjusting information that cannot be collected through data collection tools. Your partner will complete the majority of these steps, working with you to ensure the most accurate and complete representation of your IT environment. The Standard Report provides a snapshot of inventory coverage and identifies gaps in data collection; the Enterprise Report provides global and per product views and rich data visualization features which are more suitable for management and executive review and the Refinement Report enables you to add more information about your software deployments. All reports should be reviewed before downloading the Preliminary CIDC. Reviewing these reports first provides an opportunity to identify any additional data points that need to be collected. All reports require the WCA to restore Personal Identifiable Information (PII) so they can be reviewed in detail. To improve data coverage, your partner will use the Standard, Enterprise and Refinement reports to identify workstations and servers that may need to be scanned again, marked as out of scope, or categorized for a particular environment such as Production versus Non-Production. New data and information can be uploaded to the WorkSpace Step 1 site, as anonymized Artifacts, to generate a new set of updated reports for review again. Your partner should iterate the process of identifying gaps in coverage, collecting more data as needed, and refining the information until the coverage is as good as can reasonably be achieved. More details on these reports and how to use them effectively is described below.
10
Embed
Clean Inventory Data Contract Overview for Customers · Clean Inventory Data Contract Overview for Customers This document provides an overview of the Clean Inventory Data Contract
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Page | 1 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Clean Inventory Data Contract Overview for Customers
This document provides an overview of the Clean Inventory Data Contract (CIDC), which is an Excel workbook that
consolidates and formats your Microsoft software deployment and usage data. The CIDC is used to generate the
Established Deployment Position (EDP) and Effective License Position (ELP) reports, which are deliverables provided by
your Microsoft Software Asset Management (SAM) Partner at the completion of your Microsoft SAM Engagement.
The workbook is named “data contract” because it is specifically formatted (schema, data types, and validations) to work
with the WorkSpace. The WorkSpace is a platform designed to facilitate the collection and analysis of high quality data
gathered for SAM Engagements through the use of three main components: The WorkSpace Companion App (WCA),
the WorkSpace Step 1 site (accessible via WCA), and the main WorkSpace site.
There are a few steps to completing a CIDC; the first is uploading your anonymized Artifacts1 (raw data files) to the
WorkSpace Step 1 site (accessible via WCA) to generate the Standard Report, Enterprise Report, Refinement Report, and
Preliminary CIDC; the second is to review and refine the reports to ensure all necessary data has been gathered; and the
final step is to manually complete the CIDC by adding or adjusting information that cannot be collected through data
collection tools. Your partner will complete the majority of these steps, working with you to ensure the most accurate
and complete representation of your IT environment.
The Standard Report provides a snapshot of inventory coverage and identifies gaps in data collection; the Enterprise
Report provides global and per product views and rich data visualization features which are more suitable for
management and executive review and the Refinement Report enables you to add more information about your
software deployments. All reports should be reviewed before downloading the Preliminary CIDC. Reviewing these
reports first provides an opportunity to identify any additional data points that need to be collected. All reports require
the WCA to restore Personal Identifiable Information (PII) so they can be reviewed in detail.
To improve data coverage, your partner will use the Standard, Enterprise and Refinement reports to identify workstations
and servers that may need to be scanned again, marked as out of scope, or categorized for a particular environment
such as Production versus Non-Production. New data and information can be uploaded to the WorkSpace Step 1 site, as
anonymized Artifacts, to generate a new set of updated reports for review again.
Your partner should iterate the process of identifying gaps in coverage, collecting more data as needed, and refining the
information until the coverage is as good as can reasonably be achieved. More details on these reports and how to use
them effectively is described below.
Page | 2 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Generating Reports and Refining Inventory Results
To obtain a full and clear picture of your deployment data, it is likely that data was collected from different and multiple
data sources. There are scenarios where a specific computer system may be referenced by multiple data sources or
multiple times by the same source. Additionally, different data sources can specify the same data points with different
values (e.g. virtual host) and data points that tend to be specific to a certain type of data source (e.g. last logon time). To
provide the optimal result, the WorkSpace synthesizes an inventory record for each computer system that factors in all
the available information. Many factors are taken into consideration when establishing the unique set of machines and
their properties, but in general, the most recently discovered data points are the values reflected in the report.
When collecting data, the WCA formats the raw data into what are called Artifacts and anonymizes PII contained within
those Artifacts. The process of anonymization enables the WorkSpace Step 1 site to consolidate and de-duplicate data
even when your PII is obscured.
The anonymized Artifacts are then uploaded to the WorkSpace Step 1 site to generate the Standard Report, Enterprise
Report, Refinement Report, and Preliminary CIDC.
Standard Report
The Standard Report is an Excel workbook that includes a summary of your data completeness, enabling your partner to
identify gaps and machine level details to pinpoint those gaps for further investigation.
Scan Summary: In the Scan Summary worksheet shown here, you can see the coverage percentage and count for both
servers and workstations. In this example, there are 87 total servers (according to Active Directory) but the data
collection by machine was only successful for 78 servers resulting in an 89% success rate, and the workstation count is
only indicating a 67% success rate.
To find out more about failed or incomplete scans, the other worksheets in the Standard Report provide machine level
and user level detail. While this report may not indicate exactly why the scan failed, it does provide enough information
to identify which machines need further investigation.
Inventory: The Inventory worksheet contains machine level data that can be filtered to narrow in on failed or
incomplete scans, as well as pertinent information such as, machines marked as out of scope in columns named
“InScope” and “ScopeReason.” If a workstation has not connected to the network in 90 or more days, it will be marked as
out of scope on the Inventory worksheet and will not show in the Scan Summary. The default value of 90 days can be
changed when your partner creates the Standard Report in the WorkSpace Step 1 site. For example, it can be amended
to 30 or 45 days, or you can override the scope in the Refinement Report marking a machine in or out of scope
regardless of the number of days it has not connected to the network.
Page | 3 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Users: The Users worksheet helps identify the user counts necessary for accurately calculating the number and kinds of
Client Access Licenses (CALs) you need. It is also useful for reviewing user activity by domain using the Last Activity Date
or Days Since Last Activity columns to identify any users still connecting to the network that should no longer have
access, further enforcing cybersecurity policies.
Server Worksheets (i.e., Windows Server Worksheet): These various server worksheets show detailed server
information such as processor and core counts, host and guest mapping, clustering, and server product edition and
version.
In addition to using this report for data coverage, your partner can gain valuable insights about how to improve your
overall IT management. For example, in addition to improving cybersecurity by reviewing user activity levels, as
mentioned above, machine activity levels can help you identify ways to optimize workloads. Machines that are
determined to be out-of-use based on having no activity for some time could be decommissioned. For machines with
low activities levels you may be able to determine applications and data that can migrate to cloud backup storage or
even a pay as you go model, rather than continuing to support them on-premises.
Enterprise Report
The Enterprise Report is an Excel workbook that includes a series of 25 reports which provides a global and per product
view of the collected inventory using rich data visualization features.
Scan Report: This tab contains the same information as the Scan Summary tab of the Standard Report. Customers and
partners can have a view of coverage and count for both servers and workstations.
Page | 4 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Deployment Summary and Deployment Report: These 2 tabs contain information of deployed quantities for
Microsoft products. The Deployment Summary tab presents an easy to visualize way of deployed data, where
information for servers and workstations are displayed in 3 groups: machines, operating systems and applications. The
Deployment Report contains a view of all inventoried data.
Windows Workstation Summary and Windows Server Summary: These worksheets contain a nice view for
deployed quantities for Windows Workstations and Servers. For both worksheets, information is categorized by physical,
hypervisor hosts, virtual machines and unknown (uncategorized).
Page | 5 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Hypervisor Summary and Hypervisor Report: These 2 tabs contain information related to virtual hosts and clusters.
The Hypervisor Summary tab presents an overview of processor and core counts for hypervisor hosts. The Hypervisor
Report is a detailed view of the Hypervisor Summary tab.
Windows Server Detail: This worksheet shows detailed server information such as processor and core counts, host
and guest mapping, clustering, and server product edition and version.
Page | 6 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Users: The Users worksheet helps identify the user counts necessary for accurately calculating the number and kinds of
Client Access Licenses (CALs) you need. It is also useful for reviewing user activity by domain using the Last Activity Date
or Days Since Last Activity columns to identify any users still connecting to the network that should no longer have
access, further enforcing cybersecurity policies.
In addition to the presented views, the Enterprise Report contains separated device views for the following products: SQL
Server, SharePoint, Exchange, Lync, System Center, Dynamics CRM, BizTalk and Office.
Refinement Report
The Refinement Report is an Excel workbook that enables you to refine the data collected and fill in some of the
information gaps so that your data coverage is complete and comprehensive. Notes that are added to the Refinement
Report are carried over in later reports such as the CIDC and EDP to provide more information that may be needed
further down the engagement process. Below are some examples of refinements that can be made by updating the
Refinement Report and then uploading it again as an anonymized Artifact.
Summary: This worksheet provides a high-level count of rows within the subsequent worksheets that should be
reviewed and potentially updated along with instructions on what kinds of information can be adjusted. As changes are
made on the other worksheets, the Summary worksheet will update accordingly.
Page | 7 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Workstations and Servers: These worksheets can be adjusted by indicating whether specific machines should stay in
or out of scope. For example, it may be appropriate to exclude de-provisioned servers. Any machines believed to be
valid and in-scope should also be refined as Physical or Virtual to ensure later license allocations are accurate, unless an
additional data source will be used to target those machines.
Partial OS and Non Microsoft: These worksheets include machine records for which the operating system record is
incomplete, absent, or known to be from a publisher other than Microsoft.
Virtual Hosts: This worksheet lists virtual machines where the virtual host is currently unknown. The name, number of
physical processors, and number of physical cores for the host can be added so that the virtual machine is properly
recognized and mapped later in the Preliminary CIDC. Completing this worksheet will also update the Standard Report
to eliminate the unknown hosts section on each of the Server worksheets.
SQL and Office Editions: In some cases, product edition detail for SQL and Office instances may not be captured
during the data collection process. In this case, the edition should be added on the SQL Editions and Office Editions
worksheets.
Page | 8 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Scope: Lastly, a complete list of machines discovered is available on the Scope worksheet, with their tool-assigned scope
(in or out, based on activity and data collection status). Existing scope of any machine can be overwritten in the orange
cells (moving in scope machines out, and the reverse). Machines already updated in the Workstations or Servers
worksheets do not need to be handled again in the Scope worksheet.
Once the Refinement Report is updated, it is anonymized and uploaded to the WorkSpace Step 1 site to generate
another set of reports for review and a more accurate Preliminary CIDC. As mentioned earlier, your partner should
iterate the process above to identify missing data, collect additional details as needed, and refine that information until
the coverage is as good as can reasonably be achieved. Microsoft SAM Engagements require that data coverage must
reach at least 90% for all devices.
Manually Completing the CIDC
After completing the above steps, the Preliminary CIDC can be downloaded for review and completion. Again, the WCA
must be used to restore your PII. To manually complete the CIDC, your partner will work closely with you to add and
verify information contained within the report.
Completing the CIDC provides the WorkSpace site with guidance on how you are using your software deployments and
other information that cannot be discovered via inventory tools. For example, whether a software deployment should
map to a specific Licensing Model based on how it is being used, such as User versus Device CAL or a Processor versus
Core License. The accuracy and completion of this information is critical to gaining the most value from your
engagement as the final CIDC will be the basis for your EDP and ELP reports later.
How to Complete the CIDC
The first worksheet in the CIDC provides detailed instructions on what fields need to be reviewed and manually
completed (also highlighted in yellow) throughout Worksheets A through G. These instructions include descriptions of
the use of those fields and guidance on how to input the correct information.
Page | 9 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Worksheets A through G are broken out by common product groupings such as Hardware and Operating System, Client
and Server Applications, Access Licensing, and User Subscription Licensing. These worksheets should be reviewed for
accuracy and completed by following the specific steps outlined in the Instructions worksheet.
There are several scenarios that may need to be reviewed and considered when making modifications to the CIDC. Here
are just a few.
Example modifications Scenarios
License Quantity Required - A default
value of 1 license per deployment is
included but, in certain scenarios more
licenses may be required.
If a physical server has four processors it requires two processor licenses,
one for each dual-core processor. Therefore, the License Quantity
Required would be updated from 1 to 2.
You may need to add required licenses for physical workstations
accessing any Virtual Desktop Applications (VDAs) that may not have
been discovered via inventory tools.
When assigning licenses to a host, only 1 Datacenter license is required as
it allows unlimited virtualization under that host. However, more than 1
Standard license maybe required depending on how many virtual servers
are hosted. Effective License Quantity may need to be adjusted
depending on your specific scenario.
License Model Assigned - In certain
scenarios, you may need to select between
multiple and different license types.
Depending on how users are accessing a server, here you can determine
whether you need Device or User Access which will help match up the
appropriate CALs later in your ELP.
License Program Group Assigned -
Used to differentiate between licenses that
would typically appear in your MLS versus
other license type such as OEM.
Physical workstations or servers you've acquired should have come with
an OEM license for the operating system. If you are not using your
volume license agreement to upgrade to a newer operating system, then
you would change this field to indicate you are using your original OEM
license for these particular software deployments.
Environment Type - Useful when
determining whether MSDN licensing can
be used.
Depending on how you are using the software deployed, you may
change the "Environment Type" from Production (default) to
Development to leverage MSDN licensing.
Page | 10 31 January 2018
1WorkSpace Step 1 Site will reject files that have not been anonymized by the WCA. 2Some steps are performed on the Step 1 Site, but all steps are accessible via the WCA. 3The CIDC must be encrypted using the WorkSpace Companion App (WCA) prior to uploading to the main
WorkSpace site to pass validation.
Additional Information Needed
At least two additional reports are needed to complete your CIDC; a current Product and Program Definitions
(Workspace_DomainData.xlsx) report and your latest Microsoft Licensing Statement (MLS). Your partner may also ask
you for any other records and documentation that can aid in the completion of the CIDC.
The Product and Program Definitions report is updated weekly and available for download by your partner from the
WorkSpace site. This report is necessary for the completion of the CIDC as it contains details on the taxonomy (i.e.,
naming conventions) used within the WorkSpace site, such as License Product Family Names or License Product Family
Version Names. If this information is entered incorrectly, then the CIDC may fail when uploaded to the WorkSpace site.
In some cases, the upload may pass but the quality of the data loaded will be low or inaccurate resulting in time-
consuming rework.
The MLS, which is provided by your SAM Engagement Manager, provides a detailed account of your Microsoft Volume
License Agreements as well as the product licenses and Software Assurance (SA) benefits acquired under these
agreements. This information is valuable when updating information in your CIDC such as which License Model you wish
to use for specific deployments or whether you have SA benefits as part of one or more license agreements. To ensure
accuracy, your partner should review the MLS with you to check whether all agreements are shown in your statement.
Although you and your SAM Partner may refer to your MLS when completing the CIDC, it is important to review and
add quantities and information into the CIDC based on actual software deployment and usage, not what licenses have
been acquired through agreements. This ensures accurate reporting on how you should be licensing your software
deployments versus how you are currently licensed.
Uploading the Completed CIDC
After the correct values have been entered, the Completed CIDC is encrypted using the WCA. This process ensures that
your PII is not accessible to Microsoft or anyone in transit.3 After encrypting the CIDC, your partner will upload the
Completed CIDC to the main WorkSpace site, and continue on with the next steps of the engagement.
If the CIDC fails to upload, a warning is shown and a CIDC Error Report is provided to help guide you and your partner
through the necessary changes to successfully complete the CIDC report. The Error Report contains inline error reporting
made directly to the CIDC report. When you or your partner open the Error Report, you will notice the spreadsheet looks
identical to the CIDC file that you attempted to upload. The difference is that the Error Report has highlighted all of the
cells that have caused a validation error to occur. The description of errors can be found in the “Error(s) Description”
column added to the far right of the original columns in each of the worksheets where errors have occurred. The data
set within the Error Report is still protected with PII encryption and file level protection, both of which should be removed
prior to making edits to the report.
For more information on all of the SAM Engagement deliverables, consult with your SAM Partner. For more details on
the data collection process, anonymization, and encryption, ask your partner to provide the “WorkSpace Companion
App Overview” and the “Software Asset Management (SAM) Engagement Data Usage and Privacy Information”