This post on software license auditors’ use of IBM’s License Metric Tool was authored pre-COVID-19 pandemic. While many IT vendors are showing empathy to the unprecedented challenges of today’s business climate, NPI has not yet seen any change on the software license audit front. Vendors are still auditing their enterprise customers, new audit notifications are still going out, and inflight audit activity has not slowed except in cases where customers are dealing with critical business disruption.
Generally, a software audit is a point-in-time analysis of software deployed reconciled against entitlements owned. However, some software vendors have introduced the concept of periodic reporting requirements, which provides auditors an extended and more granular view of license consumption. It also provides auditors the opportunity to identify ‘peak capacity’ over time which can be used to maximize their findings and compliance fee claims.
IBM’s License Metric Tool (ILMT) quarterly reporting was one of the industry’s first periodic reporting requirements to track sub-capacity licensing under Passport Advantage using the processor value unit (PVU) metric. Per IBM’s website: “Sub-capacity licensing lets you license an eligible software product for less than the full capacity of your server or group of servers. It provides the licensing granularity needed to leverage various multi-core chip and virtualization technologies.”
While the tool and its reporting appear to be straightforward, they are anything but. In fact, in some situations, use of ILMT can be a stealthy compliance killer.
NPI has observed challenges with ILMT reporting that produce sizeable penalties as firms lose the right to sub-capacity utilization and have audit findings based on full capacity. It’s not uncommon for penalties to exceed $10M due.
Reporting Challenges
Challenges include:
- ILMT must be deployed and reporting within 90 days of Agreement execution. Many times, firms are simply not prioritizing implementation of ILMT, and don’t realize that if they haven’t got it installed, full capacity will be used to calculate licensing requirements in an audit.
- ILMT is deployed but missing servers where IBM PVU software is deployed. Again, where it is missing, full capacity will be assumed in an audit.
- ILMT is deployed and forgotten leading to scan failures, incorrect bundling and other negative outcomes. Note: ILMT is a somewhat unstable tool that requires careful calibration and maintenance to ensure accuracy.
- ILMT is not kept current and therefore missing important updates to keep the tool optimal.
- Teams don’t understand ILMT output and how the data will be utilized in the event of an audit.
- Team don’t take advantage of properly configured ILMT to right-size maintenance in the next renewal cycle.
Failure to address these challenges will result in IBM evaluating the customer under a full capacity licensing model, which has huge budget/true up implications.
Steps to Improve ILMT Accuracy and Mitigate the Risk of an IBM Software License Audit
For those customers that must meet IBM’s reporting requirement for sub-capacity licensing, NPI recommends taking steps to mitigate audit risk and turn potential exposure into valuable intelligence.
First, take the time to fully understand the ILMT tool and the way to optimize calibration in your environment.
Second, establish formal review and approval of the required quarterly reports to ensure accuracy. This includes ensuring ‘peak capacity’ is accurate and aligned with previous reporting periods, or identification of the contributors to the new high-water mark. Customers should also explore optimization and clean-up opportunities before formalizing the report. With accurate ILMT data, software asset management and IT leaders can generate accurate virtualization profiles leading to optimization and further efficiency opportunities to control cost and improve performance.
Making sure your IBM software estate is in compliance and optimized is a sizeable undertaking – and a necessary one as the vendor continues to double down on compliance enforcement.
(Note: FYI, NPI offers services to help customers validate and optimize their IBM software compliance position. We help you perform internal self-audits and help you make sure the IBM License Management Tool is calibrated for accurate reporting.)