The Curious Case of Indirect Access Licensing

SAP Customers have been in search of clarity with respect to the contractual agreement and user licensing terms since the “indirect access” concept was introduced post the million-dollar lawsuit in the UK. Many SAP customers with ambitious road-maps of cloud, mobile and HANA migrations did not invest enough in the subject matter expertise, processes and tools required to remain compliant. This coupled with legal and contractual ambiguity on SAP contracts with many contracts dated as old as two decades did not spell out clearly on indirect access licensing. The primary motive of this article is to bring clarity on this subject and break some technology myths.

Diageo, a UK based beverage company was hit with a $60 million bill following a lawsuit by SAP on its indirect usage of data from SAP ERP system. Diageo’s situation in this licensing brouhaha can be termed as “unfortunate” and “startled”. Unfortunate, because, given the advent of technology, cross vendor platforms and cloud there would be many SAP customers in a similar situation as Diageo was, but the latter took the first hit. They were caught off-guard and did not see this coming. It is hard to say if this situation could have been avoided. SAP and Industry experts would advocate on conscious decisions with roadmap of technology advancement and license quota in mind. Diageo and many other customers in similar situation would on the other hand, request a benefit of doubt given a lack of clarity on “Indirect access” on the SAP contract papers. With the debate still on and many questions still unanswered, the High court ruling was in SAP’s favor. Diageo was penalized heavily for “breaking” the contractual agreement signed between the two in 2004 because it exceeded the number of users “using” the SAP ERP system than the agreed “named” users. It is important for existing SAP customers to understand Diageo’s case and bring awareness in their IT teams to address similar situations before SAP knocks their doors.

To understand this better, let us take a look at the Diageo’s situation. Diageo signed contract with SAP in 2004 and purchased mySAP Business suite license. The Business suite license incorporates below components:

i) mySAP Enterprise Resource Planning (mySAP ERP);

ii) mySAP Customer Relationship Management (mySAP CRM);

iii) mySAP Supply Chain Management (mySAP SCM);

iv) mySAP Supplier Relationship Management (mySAP SRM);

v) mySAP Product Lifecycle Management (mySAP PLM)

Diageo’s case is concerned with mySAP ERP software. The mySAP ERP software comprises of a centralized database, together with an application layer which runs on a customer’s server, providing functionality for the operation, financial management and human capital management of a business. In addition, the mySAP ERP software provides a master data store, which is updated and internally coordinated to reflect new data entries, and which is capable of interacting with and being re-used across multiple business processes.

Diageo landscape had mySAP Business suite with named license users as shown in Figure 1. All the users including the call center reps who took orders on phone calls were also assigned a category of license in SAP. Any external systems and interfacing was done via the middleware conduit SAP XI system (now called SAP PI). The situation in Fig-1 was compliant with the contract signed in 2004

In 2011/2012 Diageo introduced salesforce application for its CRM operations. It introduced two software called Gen2 and Connect (refer Fig-2). The system, called Gen2, uses Salesforce to allow Diageo sales representatives to collate relevant data to assist with the management and tracking of sales, primarily at outlets for sales. Connect on the other hand, enables customers and distributors to place orders for products directly using an online portal, rather than having to order via the Diageo call center. The Gen2 and Connect interact with the SAP ERP using the middleware SAP PI system. The customers and distributors could now login on salesforce interface and place the order for products directly rather than having to order via the Diageo call center. The login process triggers a connection with mySAP ERP via SAP PI. Each stage of the order process requires the customer to initiate the transmission of a message from Connect to mySAP ERP and a corresponding response to be received from mySAP ERP. A customer’s order cannot be completed in Connect, submission of the order initiates transmission of the same to mySAP ERP, where the final processing and completion is carried out. At each stage of the order process, the customer is accessing or using mySAP ERP indirectly through SAP PI. These customer user IDs which indirectly connect to SAP ERP are not licensed in SAP system. Diageo took the very reasonable position that since it paid SAP license fees to use its software and since it paid SAP a license fee to use the SAP PI integrator program it assumed it was covered.

The assumption was not totally flawed given that SAP Contract did not cover mobile and cloud based user types in the licensing literature back in 2004. High court judgement was based on benefit of doubt. It invested significant effort in interpreting Diageo’s commercial agreement with SAP, specifically Named User based pricing, concluding the agreement did not contain an appropriate user type related to customer use. The court appeared to be sympathetic to SAP indicating that “in 2004, the effective date of the agreement, such usage through cloud-based portals was not generally available and therefore unsurprisingly, it is not explicitly called out in the schedule.” The ruling could have been in favor of Diageo too, given the fact that the contract literature did not mention or define a separate user type for mobile/cloud based users. Given this, it is clear that the situation would be assessed case by case basis and it’s not a one size fits all prophecy. The key to understand here is that if customers in similar situation are well prepared and can justify the indirect usage, they could be in a much better position.

More than “Direct” or “Indirect” the important word to pay attention is “access”. If a user is accessing SAP software regardless directly or indirectly, it comes under the scrutiny of license Audit. User license is measured by number and type of users. The type of license could vary from developer users, professional users, limited professional users to light ESS users. The price varies with the type of user category. So a “direct access” essentially is an access by a named/licensed user in the SAP system done directly by a GUI logon or an indirect logon via portal or an interface. An “indirect access” on the other hand is an access to SAP system by a non-named user or user with no license in SAP system, attempting to gain access via non-billable interface connections and creating a business value for the customer. In a blog post titled “Modern Pricing for Modern Times”, SAP for the first time made a statement on the issue of Indirect Access litigation. In summary, changes have been made to three scenarios, namely Procure-to-Pay, Order-to-Cash, and Indirect Static Read. Procure-to-Pay and Order-to-Cash scenarios will be licensing based on volume while Indirect Static Read access simply makes official that read-only indirect access will be free of license scrutiny. Note that the indirect dynamic access, like the real-time data processing still comes under indirect licensing scrutiny

What about me?

The SAP-Diageo’s case clearly shows that the latter took the hit due to either negligence or ignorance together with lack of preparation to handle the case and answers in the court. This could be a lesson for the existing SAP customers. It is time that SAP customers should go through checks and balances and do some internal reviews and house cleaning in the landscape. It is also important to debunk some notions and rumors.

Myth: SAP PI/PO/Middleware system creates Indirect access

Fact: This is not correct. SAP PI/PO system being a middleware is just a conduit for all messages and communication going out or coming in from SAP to external world. Middleware facilitates the communication between two different vendors, systems and technologies but does not create indirect access by itself. The situation should be assessed by looking into what data is being pushed/pulled from SAP and in turn what is the outcome. If the data is just for display/view purpose, it may not fall under scrutiny. But if the data is used to create a business outcome, it may come under scrutiny. A detailed evaluation and classification of access based on read vs non-read is required. Moreover, if it is a non-read, what are the volumes of order or Business outcomes generated.

Myth: SAP Licensing will be “Outcome/Volume based” only and not named user base

Fact: In the new indirect access policy, employees of the licensed company are still considered named users and will still be evaluated based on license categories like Professional, limited professional, employee etc. with SLAW and USMM measurements process. What changed with the new indirect access policy or “outcome-based” pricing is employees of business partners are now charged on orders only, similar to consumers. Orders placed by automated systems, devices and robots will also be priced based on orders. See figure-3 (Source: SAP White paper)

Myth: As SAP BW and other analytics package does a “read-only” data from transactional systems, it will come under Indirect Static read scenario

Fact: In Indirect static read scenario, SAP has put some criteria’s which help qualify a indirect read scenario:

  • Was created by an individual licensed to use the SAP system from which the information is being exported
  • Runs automatically on a scheduled basis
  • This information which is exported should not result in any updates or trigger any processing capabilities of the SAP System

SAP has excluded these SAP analytics package from this criteria: SAP BusinessObjects Enterprise; SAP BusinessObjects Lumira; SAP BusinessObjects Predictive Analytics; SAP Business Warehouse. This would mean a customer has to buy separate named user licenses for these capabilities

Do you fully understand your organizations financial risk from its usage of your SAP system?

As SAP continue to focus on audits which include analysis of Indirect Access, and with court rulings like Diageo, understanding your exposure and being prepared with hard facts is the key to minimizing financial risk