Miro Consulting, Inc. Audit Trails

IBM will release its new Power9 processor chip in 2017

IBM will release its new Power9 processor chip next year. There’s a lot of promise with this new architecture regarding new technology, machine learning, and overall speed. It will support both Linux and Unix and be available with up to 24 cores, optimized for 2 sockets scale-out servers.

IBM expects their low-end Power9 servers to be over $6,000 in mid-2017. Other manufacturers may offer Power9 servers for less. Additionally, IBM will license Power9 schema to others to design and build custom chips. (IBM’s Power processors were exclusive to IBM servers prior to IBM partnering with the OpenPower Foundation in 2013.)

What will this mean for Intel’s x86? X86 is a favorite in data centers, including cloud based. Will overseas manufacturers churn them out as affordably as the x86 servers? Google has already expressed interest for Rackspace if Power9 offered a 20 percent savings on either performance or price.

Will software licensing be factored into any possible hardware upgrade?

  • Oracle offers a general 2 to 1 software licensing advantage to x86 technology over pSeries. Will the compute ability of Power9 be superior to two x86 cores and not be an issue?
  • IBM licensing does not offer an advantage to either hardware choice – x86 or pSeries. However, migrating to new hardware with IBM software may still change the core factor (PVUs per core).

Oracle’s Compliance and Optimization Licenses Service Unit (COLS) is closing down

The Register is reporting that Oracle’s “Compliance and Optimization License Services Unit (COLS) is being shut down.  With about 150 people in the UK and EMEA, COLS was created to support the LMS division, which was reportedly not meeting its goals.

Where LMS operates in a more precise manner when reviewing licensing compliance, COLS was more of a division of the sales operation, specializing in cutting deals and giving discounts.

The Register’s source is reported as saying “LMS auditors do make mistakes so customers should do their own due diligence before making any claim.”

Miro is the leading expert in conducting license compliance due diligence for companies using Oracle products.  With COLS ceasing operations, its more important than ever to ensure your organization is in compliance before you receive an audit letter from Oracle.

To discuss how this change may affect your organization, please email Miro VP of Marketing, Shawn Donohue, at sdonohue@miroconsulting.com.

Read more at the Register

Tagged with:

Data Breach at Oracle’s MICROS Division – KrebsonSecurity.com

Krebsonsecurity.com is reporting that a Russian organized cybercrime syndicate has compromised MICROS point-of-sale support portal. Oracle responded that they had “detected and addressed malicious code in certain legacy MICROS systems”. The hackers placed malicious code on the MICROS support portal and captured customers usernames and passwords when they logged in. Its reported that over 700 systems have been infected.

Oracle will force all support accounts on the MICROS portal to do a password reset, adding “We also recommend that you change the password for any account that was used by a MICROS representative to access your on-premises systems.”

Security issues like this may prompt Oracle customers to review their Oracle annual support entitlement and cost. If your organization has had security or other problems with Oracle annual software support, Miro recommends reviewing your overall annual support structure and inventory as well as discussing options for support.

To learn more about Oracle annual support renewal and how Miro can help optimize your support coverage and annual support investment, please contact us.

Read more about this issue at krebsonsecurity.com


IBM Ends Support for ILMT 7.2.2 and 7.5

IBM will be discontinuing support for two older versions of the IBM License Metric Tool (ILMT) soon, and recommends migration to ILMT 9.x.  Even though many users are still on v7.5, IBM will discontinue support for the product in April 2017.  IBM has listed resources to assist with planning your migration.

Why would someone want to use IBM’s License Metric Tool (ILMT)?

IBM’s Passport Advantage Agreement (IPAA) is the master document for all of IBM’s distributed software – PVUs, RVUs, users, etc. that could be downloaded through Passport Advantage or Passport Express. The document briefly explains by default every IBM client is licensed at full capacity unless they install ILMT and run it as described.

With ILMT, a client can license their distributed environment by sub-capacity. This greatly favors any environment with virtualization and reduces the amount of PVU and possibly RVU-metric software required. Sub-capacity allows you to license only the processing power allocated to IBM’s software rather than the entire server. IBM offers ILMT at no cost for the license (D561HLL) or annual support (E0256LL).


Minimizing audit penalties with IBM

There are opportunities at every stage of an IBM audit to reduce the quantity of violations and amount of penalties you will owe.

Here are some tips:

  • ILMT report verification – If you’re running ILMT, verify the report. With the complexity of IBM software, their tool may not be reporting the correct number without some tweaks. The ILMT reports are simple to read once you get the tool up and running so it’s possible that you could be on top of any deployment of software using the PVU or processor value unit metric before you receive that audit letter.
  • Authorized Named Users – For users where you have authorized name users, if you’re running another software asset management tool in your environment, look at your end user workstations and compare the head count to your licenses. Don’t forget anyone that may be on Citrix, or accessing the software by another method.
  • Look at the programs themselves – For example, Lotus Notes has a names.nsf file. How many users are listed there? Are there old employees that need to be cleaned out, or ancient group email boxes that are no longer used? Do you have floating or concurrent user licenses that are not on IBM’s new token metric? Is there a tool that meters the usage so you can compare it to the license entitlements?

These are some simple ways to approach audit shortfalls and possible penalties in advance, but when you’re in the middle of an audit it’s important to just work through the results as best you can. Look for errors at every turn; ask questions for things that don’t make sense. The auditors are patient and will go through it with you. They might even suggest a comparable or upgraded license that can backfill a shortfall.

Tagged with:

IBM Audits in a changing environment

Between the time of the audit notification and the time for the discovery, how does IBM account for changes in the environments?

The audit is done at a point in time. If you’re running ILMT, the tool is set up to report a high-water mark for the quarter. IBM and their auditor will see that – remember, you are asked to keep two years of reports on file for IBM’s use.

If you do not run ILMT, the peak usage may be invisible to IBM, BUT why would you license for full capacity? Full capacity is not favorable to anyone running IBM software that has a hardware-based metric in a virtualized environment. That includes hosted environments too.

Without ILMT, the audit results for full capacity will frequently be judged worst-case.  If you have a virtualized cluster on a mixed set of hardware, that VM session may be counted on the largest server in the group because at any time, it may have run on that hardware.

Tagged with:

Oracle applications: Any Good Discovery/Monitoring Tools Out There?

We certainly have received a lot of queries in the past year about monitoring tools and while there are some very interesting tools that seem to have reached some type of maturity out there, the simple fact is that no matter how wonderful the monitoring tool may be there simply is no tool out there that allows for comprehensive monitoring. Currently, there are no monitoring tools that consistently tracked all Oracle applications or even most Oracle applications from what we’ve seen of the market.  The identification of Oracle application usage is much more difficult than the Oracle technology products like database.  And even with the database, there are extreme shortcomings in many of the discovery tools we’ve come across (not for lack of trying to close the gap on the part of the discovery tool vendor).  Discovery tools would find great difficulty with applications as there are many factors that come into play such as View Only report generators, advanced users, particular licensing nuances built into contract and many more scenarios that prevent accuracy of a monitoring report.


Remember that a discover tool’s function is only for discovery and is only the first step in the process. You’ll also need to confirm compliance as license compliance covers areas that go beyond the scope of physical use or rights tracking. There maybe one or two good ones out there for Oracle that help jump start the process, but the fact is that they aren’t comprehensive and have understandable limitations.

Tagged with:

Saving on PVU-based IBM software

IBM accepts a wide variety of virtualization technologies including VMware.

With IBM allowing subcapacity licensing, there is a misconception that this method of counting licensing is automatic. Please refer to IBM’s licensing rules. Currently the Passport Advantage agreement is in effect and it is only 9 pages long –


With subcapacity licensing, you have reporting responsibilities. Either use IBM License Metric Tool (ILMT), or if exempt follow the alternate reporting method described by IBM.

Once you’ve passed this hurdle, you are now a subcapacity customer of IBM’s for your software that is licensed based on the hardware it’s installed on. Now you can dive deeper into controlling licensing costs for this type of software or at least avoid a rude awakening following a hardware refresh.

You can check out the IBM PVU table to compare the PVUs required per core for your current or future hardware. If your old hardware was 120 PVUs per core and if you just copy the partitions on the hardware that’s 80 PVUs per core you’re now ahead of the game! If your environment is 80 PVUs and you’re moving to 120 PVUs per core that’s not in your best interest unless you have a lot of extra licenses.

Let’s say you’ve decided to outsource your environment for a different sort of cost savings. This can be a whole other beast to tackle. Your hosting company may not be under any obligation to inform you of any of their hardware changes; their obligation to you, as the customer, may be to only meet their contractual Service Level Agreements (SLAs).

Will the hosting company run ILMT for you? If they won’t, do you have an exemption to manually report your software usage? Do you need to ask IBM for a specific exemption for your new hosting set-up and are you ready with a plan to measure that software usage?

Tagged with: