Blog

Miro Consulting specializes in software license audit defense, license management, subscription management, and cloud services, for Oracle, Microsoft & IBM.

Overpaying for Adobe Licenses & Subscriptions

Miro-Server-Room-2

Overpaying for Adobe Licenses & Subscriptions

by Phara McLachlan

Common statements:

  • “Adobe is no longer auditing”
  • “Adobe is auditing less”
  • “I don’t have to worry about compliance for Adobe products anymore”

Not quite true.

You still need to understand your license estate and the costs associated to it.

So many clients are overstating their requirements and needs, because they do not have a clear picture of what Adobe products are being used, what is truly needed, and/or if they are being truly used.

More than ever, you need to monitor new deployments of Adobe products in your environment. It is costly to make the assumption that you don’t have to worry about compliance or tracking your Adobe licenses and usage.

Can you answer if your expenditure on Adobe licensing has increased or decreased? When it’s time to renew, you should have those answers. You neither want to over or under purchase. Both scenarios will cost you money.

Now more than ever, you need to manage your Adobe subscription licensing.


Contact Miro
to find out how we can help you evaluate and plan your Adobe purchases to maximize savings and achieve the best terms and conditions possible.

Please call 732-738-8511 x1207 to find out more, or email us at sales [at] miroconsulting.com.



10 Oracle Cloud Mistakes to Avoid

Miro-Server-Room-2

10 Oracle Cloud Mistakes to Avoid

Oracle’s new cloud first strategy has forced many of its clients to seriously evaluate moving some of their estate off-premise and onto the cloud. There can be very attractive advantages to using the Oracle Cloud, but it’s critically important to avoid these mistakes in your decision making process. Here’s what you should avoid.

1. Buying Oracle Cloud Solely to Avoid or Settle an On Premise Oracle Licensing Audit

Be wary of buying Cloud products for the sole purpose of avoiding the start, or in settlement of, an Oracle LMS Audit. Buying under duress rarely produces a favorable outcome and typically pricing, terms and conditions, on these types of Cloud procurements, are deemed to be some of the worst and not soon after, regretted.

2. No Renewal Pricing

While the initial pricing can be attractive, it’s critically important to know renewal pricing when you sign the contract. Don’t assume that pricing will rise at a modest level and that initial ‘teaser rate’, may literally be just that, a ‘teaser rate’.

3. No Stated Pricing for Additional Quantities

Don’t assume pricing will remain the same if you need to order additional quantities of licenses after you sign your initial contract.

4. Missing Policy Terms

Standard Oracle agreements often leave out policy terms but instead of actual policy terms being included in the agreement, policy is noted as a link via URL. Review all policies linked by URL and determine if you want those to be included in your agreement.

5. Inaccurate Quote

Ensure all negotiated pricing, terms, conditions, definitions and examples are included in your ordering document or quote. ‘One out of three’ reviewed order document is missing an important price, term, condition or definition.

6. Overlooking the Hosting & Delivery Policies

The ‘H&DP document’ is a master file that contains six different policy documents that cover security, uptime, support, suspension and termination policies. Your organization may need to attempt to adjust/negotiate certain parts of these policies based on your business requirements.

7. Over-Purchasing Cloud Access

Don’t assume all cloud vendors count the same. If you are moving from one cloud vendor to another, or from one type of on-premise to Cloud, you may need varying quantities due to the way Oracle counts cores on its own cloud vs other vendor’s clouds. If, as an example, you are deploying Oracle assets into an Oracle cloud, you may need significantly less licenses than if you deployed in a non-Oracle cloud.

8. No Terms for Mergers, Acquisitions & Divestitures

It’s vitally important to know how mergers, acquisitions and divestitures impact your license rights. These types of activities can cause an organization to lose rights to the licenses or subscriptions it’s purchased, or prevent it from transferring those licenses or subscriptions to new business entities.

9. Not Considering Oracle’s Cloud at All

Oracle’s cloud has features and pricing that can be ideal for many business applications. It’s definitely worth evaluating what Oracle Cloud services can benefit your organization, especially if you already own Oracle’s on-premise licenses given the lower cost for deploying those assets into the Oracle cloud.

10. Going it alone

The best way to evaluate an Oracle Cloud purchase is to work with experience licensing analysts like Miro, who can help you evaluate what products are cloud friendly and what may be better left on-premise. Also, like every other potential technology investment, the ‘devil is in the details’ and knowing your options can make all of the difference in making an education decision to move forward.


Contact Miro to find out how we can help you evaluate and plan your cloud purchases to maximize savings and achieve the best terms and conditions possible.

Please call 732-738-8511 x1207 to find out more, or email us at sales [at] miroconsulting.com.


 


I missed IBM’s ILMT train. Now what?

IBM has offered the IBM License Metric Tool (ILMT) for years. With ILMT installed, clients can license their server-based software with the PVU metric by the sub-capacity method (only license the virtual cores allocated).

Occasionally, someone claims they can’t install ILMT because they missed the initial 90-day window IBM grants in the IBM Passport Advantage Agreement (IPAA).

Although that is in the IPAA, why can’t you install ILMT now?

If you install ILMT by the end of 2017, by 2019 you’ll have two years of quarterly reports and comply with IBM’s sub-capacity licensing terms.

If you don’t install ILMT, your licensing is calculated using the Full Capacity methodology by default. Full Capacity is the entire processing power of the physical host server. With environments becoming increasingly virtualized, besides the use of cloud, it’s in your best interests to license by Sub Capacity by meeting IBM’s requirement for quarterly ILMT reports.

How big a deal is the difference between Sub and Full Capacity?

If I had a large p795 with 256 cores, it could be huge. Here is an example using WebSphere Application Server (WAS) and MQ running on the same frame:

  • Full Capacity: If MQ and WAS were both installed on this frame, they’d both need 30,720 PVUs of licenses each
  • Sub Capacity: If only one 2-core LPAR had MQ, Sub Capacity would be 240 PVUs. The two LPARs of WAS total 3 vCPUs or 360 PVUs of licensing.

20171214 - IBM - ILMT

Outside of IBM hardware, the licensing difference between Full and Sub-Capacity can also be a large quantity.

If I had some 2-socket blade servers in a cluster the impact may not seem as bad, but due to the possibility that every virtual server could be on a separate physical host, the Full Capacity calculation may be larger than expected.

Here is an example of the physical hosts in the cluster, along with the PVU calculations for each:

20171214 - IBM - ILMT-2

If I had five virtualized servers within that cluster, all with small allocated vCPUs, one might assume that only 490 PVUs were required. However at Full Capacity, the licenses required would be 4,480 PVUs.

20171214 - IBM - ILMT-3

If ILMT is not installed now, when will it be installed? If you never install ILMT, your environment will remain at Full Capacity under IBM’s current IPAA rules.


IBM Passport Advantage Agreement Update

IBM Passport Advantage Agreement Update

IBM has revised their Passport Advantage Agreement, starting with new IBM software customer in November 2017 and with existing customers on 1 February 2018.

The Passport Advantage Agreement has not been updated since August 2014, but there are new changes:

It seems longer due to additional country terms, and a change of font size, but in essence it’s the same length.   Here are the details:

  • 1.9 Eligible Products:
    There are more details regarding eligible products, but the essence is the same. It relates to a situation where IBM discontinues support of a software product, that does not allow you to deploy and use a quantity in excess of what you own.  I’ve rarely had this come up in an audit situation, since most organizations understand they shouldn’t deploy more than they own.  However, let’s assume an organization loves Lotus 1-2-3, and deploys it enterprise-wide.  If it does not own licenses, it’s a theft of IBM’s Intellectual Property, even if the organization has sunset support on the product.

  • 1.10 Renewal:
    A paragraph was added about prorating for Fixed Term, Token, or regular Software Subscription and Support. Although not contained in the IPAA before, IBM was able to prorate charges previously.

  • 1.12 Compliance Verification
    This is important with regards to audits. The 2014 IPAA only had one paragraph in this section.  The 2017 revision has some additional information, but the idea is still the same.

    • Client will purchase adequate software licenses before deploying IBM software.
    • Client is responsible for knowing where they deploy IBM software and maintaining accurate records.
    • Client will provide this information to IBM, or their auditor, upon request.
    • If Client has excessive usage of IBM software, they will be responsible for buying adequate licenses.
    • If Client has inadequate records of software usage, two years of software support may also be charged.

What has been added to the IPAA?

1. Further clarification regarding IBM’s possible use of an independent auditor

2. Compliance Verification is applicable to all sites and environments

These two items are not new with regards to IBM Software License Reviews.  IBM generally uses an independent auditor for data collection and assessment, and the IPAA terms apply to all sites and environments where the client is using IBM software.

  • 1.13 Programs in a Virtualization Environment (Sub-Capacity Licensing Terms)
    IBM added a paragraph to be more specific regarding non-compliance with Sub-Capacity licensing.  This further explanation does not change the terms though.  All IBM software customers are Full Capacity by default.  If a customer adheres to the Sub-Capacity licensing terms, they can license only the actual or virtual processor cores allocated to the software program, aka Sub-Capacity.

  • 1.14 Client’s Reporting Responsibilities
    There was a slight change in this section.  Prior to this version, customers could subscribe to notifications.  The IPAA has been updated to ‘Client will subscribe’. There is also an addition of ‘Client will not alter, modify, omit, delete, or misrepresent by any means, directly or indirectly’ any audit reports (part of 1.12 Compliance Verification).

    In general, the overall agreement hasn’t changed.  The addition or changes to language to the three sections that regard compliance, 1.12, 1.13, and 1.14, just have some clarification, rather than any ‘rule changes’ with regard to licensing and IBM Software Audits.


8 Signs You’re About To Be Audited For Non-Compliance

Oracle Software Audits, Microsoft Software Audits and IBM Software Audits can be challenging, time consuming and expensive.  Preparation is the key factor.  If these items apply to your organization, it’s likely you could soon be audited for non-compliance.

1. Merger, Acquisition or Divestment

Software companies like Oracle, Microsoft and IBM know that tracking software assets can be difficult during a merger, acquisition or divestment. When databases get merged and assets combined, licenses are often the last thing on IT staff’s list of tasks. While everyone is focused on getting critical business systems online, software companies take the moment of weakness as an opportunity to audit their clients.

2. Backed out of a purchase

If you recently negotiated a purchase with a software vendor, but then declined to finalize the deal, you are very likely about to be audited. Vendors may assume that you still need those licenses and subscriptions, and that you are trying to avoid paying for them. Unless you are working with a licensing specialists and have complete documentation for your entire environment, an audit is very likely in your near future.

3. Past Noncompliance

If you’ve been audited in the past, you are a prime target for future audits. Some software vendors like Oracle, IBM and Microsoft may audit companies in as little as 18 months from their last audit. During a software audit, compliance teams may look to see if your organization is setting up a system or process for license management.

4. No License Management

If a software vendor is conducting an audit, and they see that the target company is not planning for the future by setting up a process, team or outside consultant to oversee the licenses and subscription management of an organization, they may mark that client for future audits. Not having a license management specialist in place is a sign of vulnerability which vendors may exploit.

5. Reports of Organization Instability

Are there press reports or industry journalists reporting a rising level of instability within your organization? Software vendors have learned that executive departures, office relocations, downsizing or rapid growth are all signs of likely non-compliance at an organization. These red flags may often trigger a software audit.

6. Your Rep is suspicious

Software vendors like Oracle, IBM and Microsoft have trained their sales reps to look for suspicious behavior at the organizations in their territories. If your sales rep is calling you and asking you a lot of questions about your environment, this is frequently a sign of an incoming software audit.

7. Virtualization or Cloud

If you’re organization is looking to move to the cloud or using virtualization, the chances of a software audit greatly increase. There are many complex and ever changing rules regarding virtualization, having to do with processors, cores and server counts. When you factor in virtualization in the cloud, even more rules apply. While companies often employ these technologies to reduce costs, they can lead to audits that cost more in the long term.

8. Your Licensing Expert Leaves

Did your licensing expert just leave the company? If so, your software vendor probably knows. License compliance teams at software vendors like Oracle, Microsoft and IBM keep track of how your organization is managing its licenses and renewals. Using outside consultants is a common strategy used by many large enterprise clients as a way of avoiding audits when personnel changes.

With proper experts managing your licenses and compliance, organizations can be well prepared for the inevitable software license audit.  Miro can help your organization with software audit compliance, license management, subscription management and cloud services.  Contact Miro today if you’re facing a software audit or want to know if you’re ready to be audited.  Our experts can review your environment and let you know if you’re out of compliance or paying too much for licenses and subscriptions.


6 Microsoft Audit Triggers

Did you know your Microsoft Reseller can tell Microsoft to audit you?

For the last several years, Microsoft and other software vendors have been pressuring their customers with audits. The reasons were many and include stagnant revenue, recovery from the economic turmoil of the preceding decade, changes in corporate direction, and more.

Microsoft turned to software audits to compel organizations to transition to products and services that fit their “Mobile First, Cloud First” strategy.  So what triggers these audits? What puts an organization “on the list?”

  1. Your Reseller Told Microsoft to Audit You

    Many Microsoft Resellers now have SAM Divisions, meaning Software Asset Management. While they may be distinct legal entities from your Reseller, they operate as a single company. These new SAM divisions can refer you to Microsoft as a potential audit target, based on the information they gathered while acting as your reseller. Microsoft uses these recommendations to prioritize audit targets based on how serious the potential violation is.

  2. Purchasing History

    Did you fail to renew your Enterprise Agreement during the economic downturn, as a cost reduction measure? Have few Microsoft purchases have been made since? If this occurred, with annual true-ups no longer necessary, Microsoft will wonder how business is still being supported with hardware and software that is very old.

  3. Technology & Licensing Changes

    BYOD, desktop virtualization, hosted services, license mobility, cloud environments, transitional licensing, bridge licenses, metric changes and evolving Software Assurance benefits all make adherence to licensing rules challenging, at best. Microsoft knows this and will use it to position your environment as non-compliant.

  4. Mergers & Acquisitions

    The Microsoft Account team will view any M&A activity as a potential opportunity. For example, when an organization with an active Enterprise Agreement acquires another company, Microsoft will assume an increase in the number of qualified devices or users. Beyond any contractual obligations that may exist, the Microsoft Account team will see a revenue windfall.

  5. Transition to the Cloud

    Cloud subscriptions are presented as the easiest path to achieving and maintaining license compliance. Office 365 has reached critical mass in the commercial space, which reflects Microsoft’s success in engineering the transition. And it will continue with this process and even repeat it as it tries to upsell existing subscribers.

  6. Disgruntled Employees or Former Employees

    Organizations such as the Business Software Alliance, of which Microsoft is a member, actively ask individuals to come forward to report non-compliance issues. This isn’t unusual as employees – former or existing – may want to create difficulties and instigate an audit.

The best advice for an organizations is to complete its own, proactive License Position Assessment as soon as possible via an independent expert. This assessment will provide the snapshot needed to determine any exposure and allow the organization to prepare and protect their budget from unexpected costs from Microsoft.


MAD Software Audits: Mergers, Acquisitions and Divestiture

Software audits by companies like Oracle, Microsoft and IBM are frequently triggered when an organization engages in MAD activity; Mergers, Acquisitions and Divestiture.

Software asset managers (SAM) and procurement staff should be aware of the specific challenges related to MAD activity within their organization.  It’s vitally important to retain policy documents and licensing contracts to ensure compliance.  When these vendors become aware of MAD activity at an organization, they typically investigate these specific areas:

  • Has the organization purchased new licenses to account for an increased headcount?
  • Is either organization’s systems being absorbed into the other or will they function as two distinct entities?
  • Does either organization have license rights to share licensing?

The vendor’s sales or license compliance teams need to know and understand the answers to these questions, as the sheer act of any MAD activity greatly increases the likelihood that they will be audited by a software vendor, or receive an offer by them to do a “health-check” with the organization to ascertain if it’s in compliance.  Refusing a health-check is permissible, but will very likely lead to a formal audit.

Other organizational changes resulting from a merger, acquisition or divestiture can create additional factors that will trigger an audit.

These factors include:

  • Virtualization – if the new business entity engages in virtualization as a means of reducing costs
  • Decreased License Spend – if a new business entity reduces its licensing spend to account for a reduced workforce
  • Competitor Cloud Purchase – if the business is running or intends to run one vendor’s software on another vendor’s cloud

Risks

For many vendors, the standard policy for organizations which are out of compliance is a mandatory license purchase at lower than normal discounting, plus maintenance and support, for any licensing shortfalls.  These costs can range from tens of thousands to tens of millions of dollars in un-budgeted costs.  If the organization did not negotiate for the right to transfer their licenses to a new business entity, they could be forced to purchase an entire new set of licenses to cover areas the organization thought would be covered by current licensing.

Recommendations

Software asset managers and IT executives should focus on these key areas to ensure compliance and defend against a software audit

  • Retain copies of all contracts and relative vendor policies from the time the contracts were signed, as they often change
  • Perform due diligence to ensure that your installed applications and users match your entitlements
  • Negotiate key terms that will best support future changes of your organization
  • Engage software asset management experts to help with purchasing, negotiating and managing license contracts and renewals
  • Initiate a “Self Audit” with industry experts to ensure compliance before you get audited by the vendor

About Miro

Helping clients navigate licensing decisions and evaluate options for M&A situations is a standard practice for Miro. Here are just a few examples of how Miro has guided and supported clients who were involved in M&A activities.  Contact us to learn more.


Flexera’s FlexNet Manager for IBM in lieu of IBM License Metric Tool (ILMT)

IBM uses their own proprietary software asset management tool, ILMT.  “The IBM License Metric Tool [ILMT] helps you maintain an inventory of the PVU based software deployed for your Full Capacity or Virtualization (Sub-) Capacity environment, and measures the PVU licenses required by software Product. It is intended to help you manage your IBM software licensing requirements, and help you maintain an audit ready posture. Customers are responsible for supplying hardware and installation services required for installing the tool” according to IBM.

To clarify a possible misunderstanding or a case of not reading all the directions, if you wish to have an exception from IBM to not run ILMT, your exception should be granted in writing.  Do not assume IBM will grant you an exception, especially during the course of a Software License Review (SLR or audit).

IBM lists basic exceptions where you could use manual quarterly reporting in lieu of ILMT:

  • Less than 1,000 employees and contractors – this is total employees, not just those using IBM technology.
  • Less than 1,000 PVUs total physical capacity of your servers with Sub-capacity licensing within your global enterprise
  • Customer’s eligible virtualization technology is not supported by ILMT. However, you would be required to use ILMT within 90 days of a virtualization technology becoming eligible.
  • ILMT eligible technologies are listed by IBM at http://www-01.ibm.com/software/passportadvantage/subcaplicensing.html

After not meeting the above conditions that IBM has stated, an IBM customer would need to contact IBM to request an exception to not use ILMT with a reason and what you plan to use in place of ILMT.  IBM could decline to accept your proposed alternative.

In 2015, Flexera updated their FlexNet Manager for IBM to mimic ILMT’s minimum scan frequency of every 30 minutes beginning with 2015 R2.  IBM has given exceptions to customers using this SAM tool, but you need to ask IBM for an exception to use FlexNet Manager for IBM 2015 R2 or later in lieu of ILMT.  When that exception is granted by IBM, the IBM customer should be required to sign a Passport Advantage amendment with the related terms.

Although FlexNet Manager for IBM has its own native discovery, IBM recommends using it as an data aggregator with your ILMT, TAD4d, or BigFix agents.  There may be a downside to this because ILMT or other products and their updates would still be necessary.

Additionally, IBM has not certified Flexera’s product as accurate and leaves the responsibility with the IBM customer to verify the reports.  The Flexera tool also needs to remain the equivalent of the current ILMT release.

With or without an exception, IBM software customers are still responsible for knowing where they deploy IBM software and having an adequate number of licenses.