SAM managers, especially in large organizations, need to co-ordinate with other functions, such as the IT services desk, to make changes to the IT environment. In smaller companies, the IT manager and the SAM manager are often one and the same. Whatever scenario applies, getting things done requires handovers and interactions with different systems and portals, which can be time-consuming and, of course, costly to the business. Add in the constant threat of security breaches and evolving regulations like GDPR, and making changes to the IT environment is not always a straightforward process.
The Snow License Manager (SLM) team have been looking at how we can ease this pain point by enabling the SAM manager to carry out some basic ‘IT tasks’ directly from the SLM interface. Naturally, it’s not that simple: we’re not talking about plugging SLM into the heart of your IT system. We’ve been looking at a long-term approach: how to connect portals and systems and enable secure service-chaining through workflow orchestration and automation.
So, to start with, the team decided to address the two most common admin activities related to Microsoft Office 365: adding users to and removing them from a subscription plan.
Before I get into the details of how we have implemented this functionality, I first want to address the security issue.
Rather than plugging SLM directly into the IT environment we have chosen to use Snow Automation Platform, which already includes the functionality to add and remove users, but more importantly, has been constructed to uphold IT security policies.
If you are already using Snow Automation Platform, you’ll be familiar with the concept of Automation Books – prepackaged PowerShell scripts that each carry out a specific IT function. The Automation Book – Office 365 Automation – has been created to add users to and remove them from an Office 365 subscription plan. By allowing Snow Automation Platform to carry out these functions, risk is lowered, as SAM managers don’t need to be provided with access to the Office 365 portal. And the entry barrier is lowered by removing the need for the SAM manager to understand yet another system.
So, once Snow Automation Platform is configured, a more-options icon will be visible on the context menu of a subscription plan – shown in Figure 1.
Figure 1: Context menu subscription plan – Add/Remove users option.
I’m not going to walk through the low-level steps of the process in this post; there’s a good description in section 18.104.22.168 – Add subscription plan – on page 96 of the User Guide: SLM Web User Interface - Update revision 8.3. What I believe is more interesting is how we’ve put this functionality together and how you can use it to optimize your estate.
Say, for example, you have a bunch of users on E3 subscriptions who are not using the installed version of the ProPlus applications (Word, Excel, PowerPoint, etc.), and you want to move them to the cheaper E1 subscription. Use the new functionality in Snow License Manager to create requests to add these users to an E1 subscription, and at the same time, add requests to remove the users from their E3 subscriptions. Push the Request button and the system takes care of the rest.
So how does it work?
Figure 2: Data flow
Once you have made add/remove requests in SLM, these requests are stored in a local queue. The workflow engine of Snow Automation Platform polls the API endpoint of Snow License Manager every 30 minutes (configurable).
On each API call, Snow Automation Platform retrieves new items from the add/remove requests queue and updates the status of requests it has already processed to completed. Snow Automation Platform handles all new requests by sending the appropriate add/remove instructions to the Microsoft Office portal, which in turn updates user subscriptions accordingly.
The next time the Microsoft Office 365 SIM connector reports in, Snow License Manager confirms that completed requests have been carried out before removing them from the queue.
Should anything go wrong when Snow Automation Platform tries to take the action requested, the error message will be shown in SLM.
Communication is triggered from Automation Platform to Snow License Manager to support customers who are being hosted on a partner platform, where Snow Automation Platform is on-premise and Snow License Manager is hosted.
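The queue lifecycle described above, modeled as an added example (not Snow's code or API): requests are handed out once per poll, results arrive on the next poll, and a completed request leaves the queue only after the connector's inventory agrees with it. The class, method and status names are hypothetical, and the scenario in `demo()` is constructed.

```python
from dataclasses import dataclass
from itertools import count
from typing import Dict, List, Optional, Set, Tuple

@dataclass
class Request:
    req_id: int
    user: str
    plan: str
    action: str                  # "add" or "remove"
    status: str = "new"          # new -> dispatched -> completed | failed
    error: Optional[str] = None  # shown to the SAM manager when a request fails

class RequestQueue:  # hypothetical model of the add/remove request queue
    def __init__(self) -> None:
        self.items: Dict[int, Request] = {}
        self._ids = count(1)

    def submit(self, user: str, plan: str, action: str) -> int:
        req = Request(next(self._ids), user, plan, action)
        self.items[req.req_id] = req
        return req.req_id

    def poll(self, results: Dict[int, Optional[str]]) -> List[Request]:
        """One call from the automation side: report results, then fetch new work."""
        for req_id, error in results.items():
            req = self.items.get(req_id)
            if req is None or req.status != "dispatched":
                continue  # ignore results for ids that were never handed out
            req.status, req.error = ("failed", error) if error else ("completed", None)
        new = [r for r in self.items.values() if r.status == "new"]
        for r in new:
            r.status = "dispatched"  # each request is handed out exactly once
        return new

    def reconcile(self, assigned: Set[Tuple[str, str]]) -> List[int]:
        """Drop completed requests only when the connector's inventory agrees."""
        done = [r.req_id for r in self.items.values() if r.status == "completed"
                and ((r.user, r.plan) in assigned) == (r.action == "add")]
        for req_id in done:
            del self.items[req_id]
        return done

def demo() -> Tuple[List[int], List[int]]:
    q = RequestQueue()  # constructed scenario: alice moves from E3 to E1
    add_id, rem_id = q.submit("alice", "E1", "add"), q.submit("alice", "E3", "remove")
    q.poll({})                             # cycle 1: both requests handed out
    q.poll({add_id: None, rem_id: None})   # cycle 2: both reported completed
    return q.reconcile({("alice", "E1"), ("alice", "E3")}), sorted(q.items)
```

In `demo()` the inventory still lists alice on E3, so the removal stays in the queue even though it was reported completed, while the confirmed add is dropped.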
I know some customers have been waiting for Snow License Manager to start moving in this direction. Our beta tests indicate that this is a highly useful feature in certain scenarios, and so I’d really like to get feedback from you: do you think you will use it, and are we thinking along the right lines?
Please leave a comment.