Blog

Miro Consulting specializes in software license audit defense, license management, subscription management, and cloud services, for Oracle, Microsoft & IBM.

8 Signs You’re About To Be Audited For Non-Compliance

Oracle Software Audits, Microsoft Software Audits and IBM Software Audits can be challenging, time consuming and expensive.  Preparation is the key factor.  If these items apply to your organization, it’s likely you could soon be audited for non-compliance.

1. Merger, Acquisition or Divestment

Software companies like Oracle, Microsoft and IBM know that tracking software assets can be difficult during a merger, acquisition or divestment. When databases get merged and assets combined, licenses are often the last thing on IT staff’s list of tasks. While everyone is focused on getting critical business systems online, software companies take the moment of weakness as an opportunity to audit their clients.

2. Backed out of a purchase

If you recently negotiated a purchase with a software vendor, but then declined to finalize the deal, you are very likely about to be audited. Vendors may assume that you still need those licenses and subscriptions, and that you are trying to avoid paying for them. Unless you are working with a licensing specialists and have complete documentation for your entire environment, an audit is very likely in your near future.

3. Past Noncompliance

If you’ve been audited in the past, you are a prime target for future audits. Some software vendors like Oracle, IBM and Microsoft may audit companies in as little as 18 months from their last audit. During a software audit, compliance teams may look to see if your organization is setting up a system or process for license management.

4. No License Management

If a software vendor is conducting an audit, and they see that the target company is not planning for the future by setting up a process, team or outside consultant to oversee the licenses and subscription management of an organization, they may mark that client for future audits. Not having a license management specialist in place is a sign of vulnerability which vendors may exploit.

5. Reports of Organization Instability

Are there press reports or industry journalists reporting a rising level of instability within your organization? Software vendors have learned that executive departures, office relocations, downsizing or rapid growth are all signs of likely non-compliance at an organization. These red flags may often trigger a software audit.

6. Your Rep is suspicious

Software vendors like Oracle, IBM and Microsoft have trained their sales reps to look for suspicious behavior at the organizations in their territories. If your sales rep is calling you and asking you a lot of questions about your environment, this is frequently a sign of an incoming software audit.

7. Virtualization or Cloud

If you’re organization is looking to move to the cloud or using virtualization, the chances of a software audit greatly increase. There are many complex and ever changing rules regarding virtualization, having to do with processors, cores and server counts. When you factor in virtualization in the cloud, even more rules apply. While companies often employ these technologies to reduce costs, they can lead to audits that cost more in the long term.

8. Your Licensing Expert Leaves

Did your licensing expert just leave the company? If so, your software vendor probably knows. License compliance teams at software vendors like Oracle, Microsoft and IBM keep track of how your organization is managing its licenses and renewals. Using outside consultants is a common strategy used by many large enterprise clients as a way of avoiding audits when personnel changes.

With proper experts managing your licenses and compliance, organizations can be well prepared for the inevitable software license audit.  Miro can help your organization with software audit compliance, license management, subscription management and cloud services.  Contact Miro today if you’re facing a software audit or want to know if you’re ready to be audited.  Our experts can review your environment and let you know if you’re out of compliance or paying too much for licenses and subscriptions.

Share

6 Microsoft Audit Triggers

Did you now your Microsoft Reseller can tell Microsoft to audit you?

For the last several years, Microsoft and other software vendors have been pressuring their customers with audits. The reasons were many and include stagnant revenue, recovery from the economic turmoil of the preceding decade, changes in corporate direction, and more.

Microsoft turned to software audits to compel organizations to transition to products and services that fit their “Mobile First, Cloud First” strategy.  So what triggers these audits? What puts an organization “on the list?”

  1. Your Reseller Told Microsoft to Audit You

    Many Microsoft Resellers now have SAM Divisions, meaning Software Asset Management. While they may be distinct legal entities from your Reseller, they operate as a single company. These new SAM divisions can refer you to Microsoft as a potential audit target, based on the information they gathered while acting as your reseller. Microsoft uses these recommendations to prioritize audit targets based on how serious the potential violation is.

  2. Purchasing History

    Did you fail to renew your Enterprise Agreement during the economic downturn, as a cost reduction measure? Have few Microsoft purchases have been made since? If this occurred, with annual true-ups no longer necessary, Microsoft will wonder how business is still being supported with hardware and software that is very old.

  3. Technology & Licensing Changes

    BYOD, desktop virtualization, hosted services, license mobility, cloud environments, transitional licensing, bridge licenses, metric changes and evolving Software Assurance benefits all make adherence to licensing rules challenging, at best. Microsoft knows this and will use it to position your environment as non-compliant.

  4. Mergers & Acquisitions

    The Microsoft Account team will view any M&A activity as a potential opportunity. For example, when an organization with an active Enterprise Agreement acquires another company, Microsoft will assume an increase in the number of qualified devices or users. Beyond any contractual obligations that may exist, the Microsoft Account team will see a revenue windfall.

  5. Transition to the Cloud

    Cloud subscriptions are presented as the easiest path to achieving and maintaining license compliance. Office 365 has reached critical mass in the commercial space, which reflects Microsoft’s success in engineering the transition. And it will continue with this process and even repeat it as it tries to upsell existing subscribers.

  6. Disgruntled Employees or Former Employees

    Organizations such as the Business Software Alliance, of which Microsoft is a member, actively ask individuals to come forward to report non-compliance issues. This isn’t unusual as employees – former or existing – may want to create difficulties and instigate an audit.

The best advice for an organizations is to complete its own, proactive License Position Assessment as soon as possible via an independent expert. This assessment will provide the snapshot needed to determine any exposure and allow the organization to prepare and protect their budget from unexpected costs from Microsoft.

Share

MAD Software Audits: Mergers, Acquisitions and Divestiture

Software audits by companies like Oracle, Microsoft and IBM are frequently triggered when an organization engages in MAD activity; Mergers, Acquisitions and Divestiture.

Software asset managers (SAM) and procurement staff should be aware of the specific challenges related to MAD activity within their organization.  It’s vitally important to retain policy documents and licensing contracts to ensure compliance.  When these vendors become aware of MAD activity at an organization, they typically investigate these specific areas:

  • Has the organization purchased new licenses to account for an increased headcount?
  • Is either organization’s systems being absorbed into the other or will they function as two distinct entities?
  • Does either organization have license rights to share licensing?

The vendor’s sales or license compliance teams need to know and understand the answers to these questions, as the sheer act of any MAD activity greatly increases the likelihood that they will be audited by a software vendor, or receive an offer by them to do a “health-check” with the organization to ascertain if it’s in compliance.  Refusing a health-check is permissible, but will very likely lead to a formal audit.

Other organizational changes resulting from a merger, acquisition or divestiture can create additional factors that will trigger an audit.

These factors include:

  • Virtualization – if the new business entity engages in virtualization as a means of reducing costs
  • Decreased License Spend – if a new business entity reduces its licensing spend to account for a reduced workforce
  • Competitor Cloud Purchase – if the business is running or intends to run one vendor’s software on another vendor’s cloud

Risks

For many vendors, the standard policy for organizations which are out of compliance is a mandatory license purchase at lower than normal discounting, plus maintenance and support, for any licensing shortfalls.  These costs can range from tens of thousands to tens of millions of dollars in un-budgeted costs.  If the organization did not negotiate for the right to transfer their licenses to a new business entity, they could be forced to purchase an entire new set of licenses to cover areas the organization thought would be covered by current licensing.

Recommendations

Software asset managers and IT executives should focus on these key areas to ensure compliance and defend against a software audit

  • Retain copies of all contracts and relative vendor policies from the time the contracts were signed, as they often change
  • Perform due diligence to ensure that your installed applications and users match your entitlements
  • Negotiate key terms that will best support future changes of your organization
  • Engage software asset management experts to help with purchasing, negotiating and managing license contracts and renewals
  • Initiate a “Self Audit” with industry experts to ensure compliance before you get audited by the vendor

About Miro

Helping clients navigate licensing decisions and evaluate options for M&A situations is a standard practice for Miro. Here are just a few examples of how Miro has guided and supported clients who were involved in M&A activities.  Contact us to learn more.

Share

Flexera’s FlexNet Manager for IBM in lieu of IBM License Metric Tool (ILMT)

IBM uses their own proprietary software asset management tool, ILMT.  “The IBM License Metric Tool [ILMT] helps you maintain an inventory of the PVU based software deployed for your Full Capacity or Virtualization (Sub-) Capacity environment, and measures the PVU licenses required by software Product. It is intended to help you manage your IBM software licensing requirements, and help you maintain an audit ready posture. Customers are responsible for supplying hardware and installation services required for installing the tool” according to IBM.

To clarify a possible misunderstanding or a case of not reading all the directions, if you wish to have an exception from IBM to not run ILMT, your exception should be granted in writing.  Do not assume IBM will grant you an exception, especially during the course of a Software License Review (SLR or audit).

IBM lists basic exceptions where you could use manual quarterly reporting in lieu of ILMT:

  • Less than 1,000 employees and contractors – this is total employees, not just those using IBM technology.
  • Less than 1,000 PVUs total physical capacity of your servers with Sub-capacity licensing within your global enterprise
  • Customer’s eligible virtualization technology is not supported by ILMT. However, you would be required to use ILMT within 90 days of a virtualization technology becoming eligible.
  • ILMT eligible technologies are listed by IBM at http://www-01.ibm.com/software/passportadvantage/subcaplicensing.html

After not meeting the above conditions that IBM has stated, an IBM customer would need to contact IBM to request an exception to not use ILMT with a reason and what you plan to use in place of ILMT.  IBM could decline to accept your proposed alternative.

In 2015, Flexera updated their FlexNet Manager for IBM to mimic ILMT’s minimum scan frequency of every 30 minutes beginning with 2015 R2.  IBM has given exceptions to customers using this SAM tool, but you need to ask IBM for an exception to use FlexNet Manager for IBM 2015 R2 or later in lieu of ILMT.  When that exception is granted by IBM, the IBM customer should be required to sign a Passport Advantage amendment with the related terms.

Although FlexNet Manager for IBM has its own native discovery, IBM recommends using it as an data aggregator with your ILMT, TAD4d, or BigFix agents.  There may be a downside to this because ILMT or other products and their updates would still be necessary.

Additionally, IBM has not certified Flexera’s product as accurate and leaves the responsibility with the IBM customer to verify the reports.  The Flexera tool also needs to remain the equivalent of the current ILMT release.

With or without an exception, IBM software customers are still responsible for knowing where they deploy IBM software and having an adequate number of licenses.

Share

Oracle Advanced Compression: Compliance Risks When Using Advanced Compression Options

Executive SummaryOracle Advanced Compression

IT leaders focused on Oracle compliance risks are often unaware of the challenges in preventing Oracle Advanced Compression options from being triggered unintentionally. Failure to identify and implement Oracle Advanced Compression options according to entitlements in the Oracle estate can lead to an audit failure and significant penalty fees.

Key Challenges:

  • Determine which Oracle features and options are required for the organization
  • Prevent employees from using Oracle options and features that the organization is not licensed for
  • Continually monitor the usage of Oracle options and features to ensure licensing compliance

Recommendations:

  • Refer to your service agreement to determine if you are appropriately licensed to use Advanced Compression
  • Avoid using Advanced Compression options and features that the organization is not licensed for
  • Contact an Oracle Licensing Management specialist such as Miro Consulting to determine Advanced Compression usage and discuss solutions to ensure a fully compliant environment

Oracle Advanced Compression

Oracle Advanced Compression is a licensable option that provides the ability to compress all types of data, backups, and network traffic to reduce storage consumption and improve performance. Unfortunately, many of our clients are surprised to learn that they have Advanced Compression usage and are therefore out of compliance.
The reason for the confusion is due to the fact that the Advanced Compression Option can easily be triggered by the use of some Oracle features, causing the organization to be out-of-compliance and fail an audit.

The Advanced Compression options that cause the most confusion include:

  1. Data Pump
    Introduced in version 10g and is a faster and more flexible alternative to the traditional Export (exp) and Import (imp) utilities.
  2. Recovery Manager (RMAN)
    An Oracle utility that provides the ability to backup and recover the Oracle database.
  3. Data Guard Redo Transport
    Introduced in version 11gR1 and provides the ability to transfer redo data from a database destination to up to thirty destinations.
  4. SecureFiles
    Introduced in version 11gR1 and is an enhanced version of the original BasicFiles LOB storage architecture.
  5. OLTP Table Compression (Advanced Row Compression)
    Introduced in version 11gR1 and provides the ability to compress data during all types of data manipulation operations.
  6. Flashback Data Archive (Formally Total Recall)
    Introduced in 11gR1 and provides the ability to reference older versions of data in the Oracle Database or return older versions of data in the Oracle Database to a previous state without point-in-time media recovery.

Click here to download the full whitepaper. 

Share

5 Unusual Ways to Save on Microsoft Licenses & Subscriptions

Microsoft Defense Audit
Mauris egestas tellus non ex condimentum, quis ac ullamcorper sapien dictum. Nam consequat neque sapien viverra convallis. In non tempus lorem. 
Learn More

5 Unusual Ways to Save on Microsoft Licenses & Subscriptions You know the basics, but do you know these advanced strategies for saving on your Microsoft spend? Your organization could save hundreds of thousands of dollars by taking advantage of these special techniques and Microsoft programs, but only if you know what to ask for.

1. Independent Contract Review

When your contract is up for renewal, many organizations simply assume that there’s no need to review the details more than in the past. Unfortunately, a lack of diligence and oversight can result in significant and unnecessary over-spend. Making international headlines, the Dutch Police put in an accidental purchase order, and the courts ultimately determined that they were liable for the full cost of the multi-million-dollar mistake. Miro can do a last-minute double-check of your contracts, even if they’re due very soon, and make sure you’re getting everything you need and nothing extra.

2. True-Downs

We’ve all heard of “True-Ups,” the process where additional Microsoft licenses are purchased on an annual basis, but you can also “True-Down”. On your contract anniversary date, it’s possible to reduce your spending with Microsoft and pay for less subscriptions. For example, if your original contract had 250 subscriptions, and you later upgraded to 500, you can go back down to 250, but no lower than the original amount.

3. Core Grants

As Microsoft transitions from a “per-processor” to a “per-core” licensing model, there are opportunities to save on costs. For all servers with 16 cores or less, there is no price increase as Microsoft has made the cost of 16 Windows Server 2016 cores the same as the 2 processor Windows Server 2012 R2 license. If you have more than the standard 8 cores per server, Microsoft can give you a “core grant” so you won’t have to purchase additional licenses, but only under certain conditions. Contact Miro for details and requirements.

4. Azure Hybrid Use Benefit

You can save money on moving to the Microsoft Azure cloud through the Azure Hybrid Use Benefit. This allows you to move on-premise licenses to Azure, and you only pay the base compute rate, instead of the full price for new Windows Server virtual machines in Azure, which can be up to 41% savings.

5. Get BIF

Business Investment Funding (BIF) is a new Microsoft offering for select clients who don’t meet the infrastructure requirements for certain products like Office 356. BIF is essentially Microsoft providing money for things like upgrades to your company’s network, so that you can utilize their new cloud products. Miro has seen clients offered up to 20% cash back on their annual spend, which they can use for upgrades to their systems.

If you’d like to take advantage of these offers or want to learn more, it’s critically important that you do not call a Microsoft Reseller. They are obligated by contract to report any licensing shortfalls to Microsoft. Contact an independent non-reseller, like Miro, to get confidential advice on your Microsoft contracts and negotiations. You can also download our Microsoft Licensing and Audit Defense Guide.

Share

5 Ways Your Hosting Provider Can Put You Out of Compliance

ORACLEYour Third-Party Hosting Provider may be putting you out of compliance. Unfortunately, your organization is liable if they do. Most providers have clauses in their contracts which absolve them of all responsibility. Is your hosting provider jeopardizing your compliance? Read more to find out.

1. Virtualized Environment

Do you know if your Third-Party Hosting Provider is running your software in a virtualized environment? We find that Oracle can and will require licensing outside of their client’s own non-dedicated use for those who use a Third-Party Hosting Provider utilizing forms of virtualization. Many organizations think that the Third-Party vendor would be liable for any resulting license compliance issues, but that is never the case. All Third-Party Hosting vendors that own and manage the hardware that hosts client software assume no liability for software license compliance. The client is always liable.

2. Disaster Recovery

Do you know how Disaster Recovery is handled within your Third-Party Hosting Provider? We continue to find situations where a Third-Party Hosting vendor is deploying a form of Disaster Recovery that Oracle would consider to require additional licensing, but clients are never informed of it requiring additional licensing. Some Hosting vendors have even stated that such licensing was not required, but it was only their opinion and had not been confirmed by the software vendor.

3. Proprietary Hosting

Are you running any Proprietary Hosting solutions at your Third-Party Hosting Provider? Oracle’s past policies have dictated that Proprietary Hosting is forbidden, but have recently shown some loosening of those restrictions, but only when Oracle Cloud is the solution in use.

4. Data Sovereignty

Do you know where your data is? Data Sovereignty is a topic that comes up more often as organizations try to ensure that they are not breaking any government jurisdiction on rules and policies that would impact Third-Party access for legal, security, or privacy purposes. The policies and rules can vary greatly by country. Third-Party Hosting Providers often have datacenters in many different countries. Even if your primary data is contained in a local or a geographically acceptable datacenter, your disaster recovery site may not be.

5. Hardware Platforms

Do you know the hardware platform in which your software is being run? We constantly come across organizations that have great difficulty getting such information from their Hosting Provider. We have even seen instances where the Hosting Provider refused to provide such information to the client. Outside of Oracle approved Cloud Computing Vendors, it is necessary to know the details of the underlying hardware so that proper licensing can be calculated.

Share

7 Signs of an IBM Audit

Do you recognize the signs of an IBM audit? These 7 Signs of an IBM audit are red flags that you should recognize.

  1. You Get a Letter Introducing KPMG or Deloitte

    These are two of the “Big 4” accounting firms that manage the actual software license audit process on behalf of IBM.  IBM refers to them as, “third party independent auditors”.  Keep in mind that when it comes to their “independence,” these firms are paid by IBM for their services.

  2. IBM Software Review

    In this case, “review” is what IBM calls an audit.  Like Microsoft and other software vendors, IBM has begun referring to their software audits as “reviews.”  This nomenclature change is meant to lull clients into a false sense of security.

  3. You Spoke To a Reseller

    Like a good software asset manager, you did your research and spoke to a reseller about making a purchase to stay in compliance.  Ultimately, you decided that you were in compliance and did not buy any additional licenses or products.  Unfortunately, IBM resellers have a “snitch clause” in their contracts which require them to report any possible out-of-compliance situations they uncover directly to IBM.  So, if IBM thinks you may be out of compliance based on that conversation, you have a significant chance of triggering an audit.

  4. IBM wants to “educate” you

    One way IBM tries to initiate a discussion around what software you’re using, and what you may not be fully licensed to use, is by disguising that discussion as an “education” experience.  IBM will want to increase your “awareness” of their compliance policies. It’s a great way for IBM to ask you questions about your environment, but make it look like it’s about educating, not evaluating your compliance.

  5. Not Running ILMT

    Some organizations reach out to IBM because they’re having trouble installing or running ILMT or BigFix.  If you’re not running one or the other, IBM will assume that you don’t have a complete picture of your environment, and are likely out of compliance.

  6. IBM Wants to “Help” You

    Your IBM rep has taken a newfound interest in your organization’s challenges and opportunities with software.  Make no mistake—they’re not looking to help you be more successful.  IBM wants to know if you are having trouble managing your software assets, making you an ideal audit candidate.  They also want to know what new software you might be able to use to solve your issues.  It’s a double opportunity to extract more revenue from you.

  7. Virtualization Questions Start Coming

    Many IBM customers save significantly on their budgets by running IBM software in a sub-capacity model, but virtualization can make staying in compliance more difficult.  If they find out you’re not running ILMT, you are practically guaranteed to be out of compliance.  Either way, virtualization questions are a sure sign that IBM has targeted you. Take caution.

Learn more by downloading our IBM Audit Defense Guide. Miro is the leading IBM audit defense specialist and original software audit defense company. We’re 100% independent from IBM and can confidentially advise you and your organization regarding IBM software licenses, software audits, and compliance. Contact us today.

Share