With the release of Snow Inventory 5.2 Snow Software has introduced Cloud Application (SaaS) discovery and metering. The Snow Inventory Agent for Windows version 5.2 or higher has the capability to meter Cloud applications which are used by the end-users using Google Chrome. (Support for IE11 and Firefox is currently being developed.)
Besides all technical processes which are handled by the Snow Inventory Agent in combination with the DIS database (Software & Cloud recognition database), as soon as the Cloud application metering is enabled in the Snow Inventory Console, a browser extension (plugin) for Google Chrome will be added to fetch the visited Cloud websites. This is what the browser extension looks like in Google Chrome:
By default, Cloud Application metering is disabled in Snow Inventory 5 and needs user interaction to activate it. Once the Cloud Application metering is enabled on the Snow Inventory Server it will immediately broadcast this activation to all the selected devices in Snow Inventory across the network (only running Snow Agent 5.2 or higher.) Please find below how to enable it for different sites/configurations in the Snow Management and Configuration Center:
Although this functionality is not enabled by default, we have seen that in some cases it was turned on by the customer or partner, without involving the rest of the organization. In some cases, this has resulted in employees having the feeling that they were being monitored without their consent and made complaints to the workers council.
The reason for the visibility of this extension is that Google doesn’t allow hidden extensions and therefore Snow will not be able to load the extension in a hidden way. It’s also not possible to manage the visibility of any extension by any policy for Google Chrome.
Recommendations from Snow Software:
To prevent these types of escalations, Snow recommends customers to involve the entire organization when implementing cloud discovery. Informing end users about the functionality and purpose of capturing the cloud application usage, and proactively notifying the works council about the functionality will prevent a lot of discussions afterwards.
Both the involved stakeholders from the organization and end users should be aware of the following:
- Cloud application metering is not intended for other purposes than Software Asset Management.
- The extension will only fetch the Cloud (SaaS) applications which are recognized by Snow Software.
- Since the Snow Software implementation is on-premise or partner platform design the cloud application metering will only be visible in following situations:
- Insight by the Partner/Customer in case of a Service Provider edition
- Insight by the Customer only in case of an Enterprise edition
Once the end users and involved stakeholders are appropriately informed, no surprises should arise afterwards.
Data Intelligence Service (DIS)
Stores information on application IDs and rules (patterns) defined for identified
cloud-application web sites.
The Data Intelligence Service is developed, maintained, and provided by Snow
Snow Update Service (SUS)
Distributes information on application IDs and rules (patterns) to the Inventory
Server, and application IDs to Snow License Manager.
Distributes new and updated rules (patterns) to the Inventory Agent for Windows.
The rules are sent as a regular agent update job.
The Inventory Server stores the discovery and metering results for each
application ID. The information is then fetched by Snow License Manager during
the Data Update Job.
Inventory Agent for Windows
Instructs the browser to download an extension from the current Browser
extension store, and then install it on the computer.
The Inventory agent matches the patterns gathered by the browser extension
with the distributed rules and saves the relevant data in the C:\Program Files
\Snow Software\Inventory\Agent\Data\web-metering folder. The data in the
web-metering file will be included in the snowpack file during the next scan
For a successful installation of the browser extension, the computer needs to
be a member of an Active Directory domain.
The browser extension gathers information on web site activity (web site URL,
current date, and the user that started the browser), and then sends the result to
the Inventory agent for matching.