A recent conversation with IBM software executives sheds more light on the topic of software audits. Responding to a blog post we published a few months ago, IBM recognized some of the challenges inherent in an IBM software audit.  They proclaimed that getting through an audit, addressing these challenges, and moving towards license optimization is cemented in Software Asset Management (SAM) best practices. IBM also told us that the causes of client exposures fall into one of three categories:

  • Customers' indifference to their responsibility in an IBM software agreement. Few companies fall under this category, as most decide to be held accountable for their compliance.
  • Loss of deployment control. Complicated licensing structures and poor SAM practices characterize this category. While IBM licenses inherently are complicated, clients add to the complexity when they deviate from the standard contract in an effort to add flexible terms. A common example of a poor SAM practice that contributes to IBM software exposure is the lack of communication between those that procure the licenses/negotiate entitlements and those that deploy licenses.
  • Over-deployment due to non-malicious gross error. While companies may not maliciously over-deploy IBM software in their environments, some innocently deploy them by accident. A common example includes the case of the "golden CD" where software from a CD is mistakenly replicated across the vast server landscape. Additionally, some companies misinterpret their entitlements. An example of this includes deploying licenses based on a misunderstanding of their terms and conditions.

Since the blog post, one of the biggest areas of concern I commonly hear from clients is their potential exposure on sub-capacity (virtualization) licensing and IBM’s License Metric Tool (ILMT).  Clients initially relied on ILMT reports to collect accurate and complete information only to find out later that they may not have configured the tool correctly and/or it tends to report back inaccurate information.

And their experience with other tools isn't much better. With some of the SAM tools and services out there, it’s difficult to achieve the basics — getting a complete and accurate list of installed software, hardware details (chips, cores), virtualization details (VM machines, logical partitions — some of the areas that are more difficult for a tool to collect information for, but necessary to show what was deployed).

As a result, we're looking to focus research on sub-capacity licensing. If you're interested in sharing your experiences on sub-capacity licensing, ILMT, IBM contracts, SAM services in general, or would like to participate in any of the discussions we’re having with your peers, please feel free to reach out to us. Though many of IBM’s points on software audits were outlined in this research report and discussed on a previous teleconference, I’d invite you to email me with any questions, issues you may have encountered in your audits, or challenges to IBM’s take on the subject.