IBM – The Dark Horse of Software Audits?
Are Companies Underestimating IBM Audits?
I recently interviewed Alan Swahn, VP of Product Management at Flexera Software. We discussed IBM Licensing and the IBM audit program.
Q. Why IBM? Shouldn’t companies spend more time focusing on Microsoft, Adobe or Oracle audit compliance?
Many of IBM’s customers are facing significant software audit risk, as IBM has implemented a comprehensive audit program. IBM has undertaken what may be the most comprehensive software audit program in history. Performed by Deloitte LLP, these audits drive compensation for any unlicensed software discovered and back maintenance for previous years.
According to a recent Gartner survey, software audits are increasing. (Gartner, Survey Analysis: Survey Shows Another Increase in Software Vendor Audits? IT Asset Managers Should Prepare Now, 2 March 2011) The Gartner survey of 144 respondents attending Gartner’s IT Financial, Procurement and Asset Management Summit indicated that 61% have been audited by at least one software vendor in the past 12 months. This is the highest percentage of any comparable survey. In 2009 the percentage was 54%; in the prior three years it was between 30% and 35%. The vendors listed as carrying out the highest number of audits were IBM (41%), Adobe (40%), Microsoft (35%) and Oracle (19%).
Q. What do companies need to know about IBM Licensing complexity in order to ensure compliance?
Most IBM software licenses require that companies pay for software installed regardless of whether is it executing. This is one of the primary issues with software audits because of the technical difficulties of accurately determining what has been installed.
IBM licenses are delivered with no constraint on the number of software installations. As a result, in a distributed environment, many installations may occur with the same license, bringing the company out of compliance. Audits can reveal problems in other areas such as Lotus where Client Access Licenses (CALs) are used. For instance, Notes Enterprise CALs allow access to a full range of features including the use of Domino Designer, but this is not the case for Notes Messaging CALs. As there is no license control on CALs it is fairly easy to drift out of compliance.
IBM offers a variety of licensing and pricing programs to address the diversity of its customers and its large number of products. Each program has its own metrics, rules and options. Close monitoring of the IBM offerings, which change on a regular basis, and internal product usage is required prior to negotiation to select the right offering.
IBM uses multiple contractual documents including the IBM Customer Agreement (ICA), International Product License Agreement (IPLA), and License Information (LI). Each carries its own set of terms and conditions, which sometimes creates confusion on licensing entitlements. Furthermore some policies such as backup and disaster recovery license entitlements are not detailed in any agreement, but are detailed on the IBM web site and could change at any time. All these documents and references contribute to the difficulty with managing IBM licenses.
Alan Swahn, Flexera Software
Q. What about Virtualization?
Virtualization adds an additional layer of complexity. Virtualization is the hottest trend in the market today and will remain so for several years. It is used for both infrastructure modernization and cloud computing.
The market for Operating System Virtualization will grow, in terms of volume, as much as five-fold in the next three years (Gartner, Magic Quadrant for x86 Server Virtualization infrastructure, May 2010). To further illustrate the magnitude of this trend, as of the end of 2009, 18% of enterprise datacenter workloads that could be virtualized have been virtualized. This number is expected to rise to 50% by the end of 2012.
IBM has been a leader in datacenter consolidation and has provided its customers with opportunities to drive down costs with its hardware partitioning technology (LPAR), license type (PVU, WLC, etc.) and sub-capacity licensing rules.
LPAR is a partition technology enabling the installation of multiple instances of operating systems on the same physical machine. With the LPAR technology, processors and cores are attributed to each partition. The sub capacity licensing rules are based on the number of processor cores available to each partition running a given application, rather than number of cores in the entire physical server.
Enterprises underestimate the license management complexity introduced by virtualization technologies. For instance the possibility to create, delete or move a virtual machine to another server with a simple click, to modify the properties of a partition or its pool of hardware resources, potentially impacts the license compliance position of an enterprise. Virtual environments should be managed and optimized with the same diligence as the software running on an enterprise’s physical devices.
Alan Swahn is VP Product Management at Flexera Software.
Related articles:
- Tags: 1_IBM_MR · alan swahn · auditing · auditing programs · client access license · Flexera Software · IBM · ibm license · ibm software · lpar · Microsoft · oracle audit · oracle corporation · software · software audit program · software auditing · software licenses · software vendors · virtualization software licensing
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
Until last year when IBM did not instist that customers were required to use the ILMT (IBM License Metric Tool for Passport Advantage customers), now we are hearing from 100’s of customers who need help with ensuring that this tool is correctly configured.
Deloittes are not the only company providing audits for IBM, and within the UK they have only had a share of this IBM market for the last 3 years with KPMG LLP providing the bulk of the audits. Both Companies are represented globally and will use similar techniques to audit.
The programme is extensive and will target all levels of business even to a single product install. This has been very succesful for these auditors and for IBM over the years, although recent years have seen a reduction in IBM UK’s findings but other markets are emerging for them which helps the Software Compliance team deliver large amounts of revenue to the business.
All this could mean they are aggressive in their stance but having worked at one of these auditors where they would report everything, IBM were always willing to discuss with its customer and in the UK they would usually put the customer relationship at a higher value (depending on how much you had spent of course) and would give customers the benefit of doubt, and not enforce fines or back maintenance as other vendors try and do.
IBM do have a wealth of different licences and terms but they do at least publish the licence agrements and they can generally be traced back to get the details needed. just go to the licence page on software and search for the product. They also have a nice versions and EOL system, which I have found ideal for proving entitlement to a version without maintenance.
Well, also you have to understand that IBM is not going to a customers, doing an audit and then blindly enforcing the payment of all the non compliant licenses it finds. What usually happens is that IBM sits with the customer and goes thru the list and they together determine if the software is actually used or not. You would be surprised how much the original reports and finalized ones differs. IBM has been very fair in vast number of compliance cases I have witnessed.
This is still happening in 2016. I have heard a number of stories where IBM have audited their customers and ended up fining them in the order of millions of dollars.
IBM are also incentivizing their partners and service providers to detect and report licensing compliance issues to them.
Thanks for bringing up the issue, as it’s an important one for all companies and one that is typically handled poorly in my experience.
It might be time for a refresh of the info presented, as the issue hasn’t gone away and has probably become more important since this article was published.