Miro Consulting, Inc. Audit Trails

MEGABYTE Act – New Federal Software Licensing Requirements

CIOs will be required to implement a comprehensive licensing policy to manage software inventories

The Office of Management and Budget (OMB) issued guidance in June on agencies inefficient use of software licensing as well as what it saw as excessive spending.  Now the White House is involved.  President Obama signed the Making Electronic Government Accountable by Yielding Tangible Efficiencies Act (MEGABYTE Act) on July 29, 2016.  It will require agency CIOs to more accurately track their software and applications licenses.  You can review the law itself here.

“The new policy is another step forward in implementing the President’s vision for a modern government, one that leverages private-sector best practices to achieve a Federal Government that is smarter, savvier and more effective in delivering for the American people.”  United States Government CIO, Tony Scott, and CAO, Anne Rung, co-wrote a blog post at whitehouse.gov explaining the reasoning for passing the new law, and what it means for the future.

“Examples of the other work the Enterprise Software Category Team (ESCT) will take on include consolidating software requirements across multiple agencies to begin the process of negotiating two additional government-wide enterprise license agreements by the end of the year, recommending further policy changes, sharing best practices across the government to improve how we buy and use software, and monitoring agency progress toward reducing duplicative agreements.”

Scott and Rung wrote that the government’s ESC Team expects CIOs to solve the problem with experts, not applications.  “It calls on agencies to appoint a software manager to centrally manage software buys and reduce underutilization, to maintain a continual inventory of software licenses and better track usage, to consolidate redundant applications while identifying other savings, and to maximize the use of best-in-class solutions.”

Its not just government agencies that can save on software licensing by making better informed decisions.  Public and private companies with multiple units and divisions can also likely benefit from the same type of software licences central management, leveraging their purchase size to gain better prices and contract terms. “Smarter acquisition strategies typically don’t garner a lot of headlines or attention. But they matter.”

To learn more about how Miro can help your company make better software management decisions and achieve significant savings, please contact us.


Adobe Moves Away From Audits, But You’re Not Off the Hook Yet

by Phara McLachlan

Adobe’s Richard Atkinson confirmed that they are moving away from the audits program. While this removes the labor-intensive audit process that companies face, it doesn’t remove the actions that need to be taken post-audit, which will likely result in un-forecasted expenditures and additional implementations.

The reason for Adobe’s move away from audits is Adobe Genuine, which runs validation tests. While Adobe has eliminated the complexity of the audit, don’t be fooled that an enterprise with non-compliant software won’t have to worry anymore. They do and it’s highly likely they will need to procure Adobe licenses.


  1. Adobe Genuine “sniffs out” pirated software. Similar to a post-audit, Adobe will need to take action and the organization will have to purchase the software.
  2. Invalid licenses will be discovered by Adobe Genuine resulting in re-purchasing of licenses.

While Adobe has moved away from formal audits, Adobe Genuine’s “validation test” is basically Adobe’s automated discovery tool. It wouldn’t surprise me if many more software vendors move to this model.


IBM will release its new Power9 processor chip in 2017

IBM will release its new Power9 processor chip next year. There’s a lot of promise with this new architecture regarding new technology, machine learning, and overall speed. It will support both Linux and Unix and be available with up to 24 cores, optimized for 2 sockets scale-out servers.

IBM expects their low-end Power9 servers to be over $6,000 in mid-2017. Other manufacturers may offer Power9 servers for less. Additionally, IBM will license Power9 schema to others to design and build custom chips. (IBM’s Power processors were exclusive to IBM servers prior to IBM partnering with the OpenPower Foundation in 2013.)

What will this mean for Intel’s x86? X86 is a favorite in data centers, including cloud based. Will overseas manufacturers churn them out as affordably as the x86 servers? Google has already expressed interest for Rackspace if Power9 offered a 20 percent savings on either performance or price.

Will software licensing be factored into any possible hardware upgrade?

  • Oracle offers a general 2 to 1 software licensing advantage to x86 technology over pSeries. Will the compute ability of Power9 be superior to two x86 cores and not be an issue?
  • IBM licensing does not offer an advantage to either hardware choice – x86 or pSeries. However, migrating to new hardware with IBM software may still change the core factor (PVUs per core).

Oracle’s Compliance and Optimization Licenses Service Unit (COLS) is closing down

The Register is reporting that Oracle’s “Compliance and Optimization License Services Unit (COLS) is being shut down.  With about 150 people in the UK and EMEA, COLS was created to support the LMS division, which was reportedly not meeting its goals.

Where LMS operates in a more precise manner when reviewing licensing compliance, COLS was more of a division of the sales operation, specializing in cutting deals and giving discounts.

The Register’s source is reported as saying “LMS auditors do make mistakes so customers should do their own due diligence before making any claim.”

Miro is the leading expert in conducting license compliance due diligence for companies using Oracle products.  With COLS ceasing operations, its more important than ever to ensure your organization is in compliance before you receive an audit letter from Oracle.

To discuss how this change may affect your organization, please email Miro VP of Marketing, Shawn Donohue, at sdonohue@miroconsulting.com.

Read more at the Register

Tagged with:

Data Breach at Oracle’s MICROS Division – KrebsonSecurity.com

Krebsonsecurity.com is reporting that a Russian organized cybercrime syndicate has compromised MICROS point-of-sale support portal. Oracle responded that they had “detected and addressed malicious code in certain legacy MICROS systems”. The hackers placed malicious code on the MICROS support portal and captured customers usernames and passwords when they logged in. Its reported that over 700 systems have been infected.

Oracle will force all support accounts on the MICROS portal to do a password reset, adding “We also recommend that you change the password for any account that was used by a MICROS representative to access your on-premises systems.”

Security issues like this may prompt Oracle customers to review their Oracle annual support entitlement and cost. If your organization has had security or other problems with Oracle annual software support, Miro recommends reviewing your overall annual support structure and inventory as well as discussing options for support.

To learn more about Oracle annual support renewal and how Miro can help optimize your support coverage and annual support investment, please contact us.

Read more about this issue at krebsonsecurity.com


IBM Ends Support for ILMT 7.2.2 and 7.5

IBM will be discontinuing support for two older versions of the IBM License Metric Tool (ILMT) soon, and recommends migration to ILMT 9.x.  Even though many users are still on v7.5, IBM will discontinue support for the product in April 2017.  IBM has listed resources to assist with planning your migration.

Why would someone want to use IBM’s License Metric Tool (ILMT)?

IBM’s Passport Advantage Agreement (IPAA) is the master document for all of IBM’s distributed software – PVUs, RVUs, users, etc. that could be downloaded through Passport Advantage or Passport Express. The document briefly explains by default every IBM client is licensed at full capacity unless they install ILMT and run it as described.

With ILMT, a client can license their distributed environment by sub-capacity. This greatly favors any environment with virtualization and reduces the amount of PVU and possibly RVU-metric software required. Sub-capacity allows you to license only the processing power allocated to IBM’s software rather than the entire server. IBM offers ILMT at no cost for the license (D561HLL) or annual support (E0256LL).


Minimizing audit penalties with IBM

There are opportunities at every stage of an IBM audit to reduce the quantity of violations and amount of penalties you will owe.

Here are some tips:

  • ILMT report verification – If you’re running ILMT, verify the report. With the complexity of IBM software, their tool may not be reporting the correct number without some tweaks. The ILMT reports are simple to read once you get the tool up and running so it’s possible that you could be on top of any deployment of software using the PVU or processor value unit metric before you receive that audit letter.
  • Authorized Named Users – For users where you have authorized name users, if you’re running another software asset management tool in your environment, look at your end user workstations and compare the head count to your licenses. Don’t forget anyone that may be on Citrix, or accessing the software by another method.
  • Look at the programs themselves – For example, Lotus Notes has a names.nsf file. How many users are listed there? Are there old employees that need to be cleaned out, or ancient group email boxes that are no longer used? Do you have floating or concurrent user licenses that are not on IBM’s new token metric? Is there a tool that meters the usage so you can compare it to the license entitlements?

These are some simple ways to approach audit shortfalls and possible penalties in advance, but when you’re in the middle of an audit it’s important to just work through the results as best you can. Look for errors at every turn; ask questions for things that don’t make sense. The auditors are patient and will go through it with you. They might even suggest a comparable or upgraded license that can backfill a shortfall.

Tagged with:

IBM Audits in a changing environment

Between the time of the audit notification and the time for the discovery, how does IBM account for changes in the environments?

The audit is done at a point in time. If you’re running ILMT, the tool is set up to report a high-water mark for the quarter. IBM and their auditor will see that – remember, you are asked to keep two years of reports on file for IBM’s use.

If you do not run ILMT, the peak usage may be invisible to IBM, BUT why would you license for full capacity? Full capacity is not favorable to anyone running IBM software that has a hardware-based metric in a virtualized environment. That includes hosted environments too.

Without ILMT, the audit results for full capacity will frequently be judged worst-case.  If you have a virtualized cluster on a mixed set of hardware, that VM session may be counted on the largest server in the group because at any time, it may have run on that hardware.

Tagged with: