by Phara McLachlan
Adobe’s Richard Atkinson confirmed that they are moving away from the audits program. While this removes the labor-intensive audit process that companies face, it doesn’t remove the actions that need to be taken post-audit, which will likely result in un-forecasted expenditures and additional implementations.
The reason for Adobe’s move away from audits is Adobe Genuine, which runs validation tests. While Adobe has eliminated the complexity of the audit, don’t be fooled that an enterprise with non-compliant software won’t have to worry anymore. They do and it’s highly likely they will need to procure Adobe licenses.
- Adobe Genuine “sniffs out” pirated software. Similar to a post-audit, Adobe will need to take action and the organization will have to purchase the software.
- Invalid licenses will be discovered by Adobe Genuine resulting in re-purchasing of licenses.
While Adobe has moved away from formal audits, Adobe Genuine’s “validation test” is basically Adobe’s automated discovery tool. It wouldn’t surprise me if many more software vendors move to this model.
IBM will release its new Power9 processor chip next year. There’s a lot of promise with this new architecture regarding new technology, machine learning, and overall speed. It will support both Linux and Unix and be available with up to 24 cores, optimized for 2 sockets scale-out servers.
IBM expects their low-end Power9 servers to be over $6,000 in mid-2017. Other manufacturers may offer Power9 servers for less. Additionally, IBM will license Power9 schema to others to design and build custom chips. (IBM’s Power processors were exclusive to IBM servers prior to IBM partnering with the OpenPower Foundation in 2013.)
What will this mean for Intel’s x86? X86 is a favorite in data centers, including cloud based. Will overseas manufacturers churn them out as affordably as the x86 servers? Google has already expressed interest for Rackspace if Power9 offered a 20 percent savings on either performance or price.
Will software licensing be factored into any possible hardware upgrade?
- Oracle offers a general 2 to 1 software licensing advantage to x86 technology over pSeries. Will the compute ability of Power9 be superior to two x86 cores and not be an issue?
- IBM licensing does not offer an advantage to either hardware choice – x86 or pSeries. However, migrating to new hardware with IBM software may still change the core factor (PVUs per core).
The Register is reporting that Oracle’s “Compliance and Optimization License Services Unit (COLS) is being shut down. With about 150 people in the UK and EMEA, COLS was created to support the LMS division, which was reportedly not meeting its goals.
Where LMS operates in a more precise manner when reviewing licensing compliance, COLS was more of a division of the sales operation, specializing in cutting deals and giving discounts.
The Register’s source is reported as saying “LMS auditors do make mistakes so customers should do their own due diligence before making any claim.”
Miro is the leading expert in conducting license compliance due diligence for companies using Oracle products. With COLS ceasing operations, its more important than ever to ensure your organization is in compliance before you receive an audit letter from Oracle.
To discuss how this change may affect your organization, please email Miro VP of Marketing, Shawn Donohue, at firstname.lastname@example.org.
Read more at the Register
Krebsonsecurity.com is reporting that a Russian organized cybercrime syndicate has compromised MICROS point-of-sale support portal. Oracle responded that they had “detected and addressed malicious code in certain legacy MICROS systems”. The hackers placed malicious code on the MICROS support portal and captured customers usernames and passwords when they logged in. Its reported that over 700 systems have been infected.
Oracle will force all support accounts on the MICROS portal to do a password reset, adding “We also recommend that you change the password for any account that was used by a MICROS representative to access your on-premises systems.”
Security issues like this may prompt Oracle customers to review their Oracle annual support entitlement and cost. If your organization has had security or other problems with Oracle annual software support, Miro recommends reviewing your overall annual support structure and inventory as well as discussing options for support.
To learn more about Oracle annual support renewal and how Miro can help optimize your support coverage and annual support investment, please contact us.
Read more about this issue at krebsonsecurity.com
IBM will be discontinuing support for two older versions of the IBM License Metric Tool (ILMT) soon, and recommends migration to ILMT 9.x. Even though many users are still on v7.5, IBM will discontinue support for the product in April 2017. IBM has listed resources to assist with planning your migration.
Why would someone want to use IBM’s License Metric Tool (ILMT)?
IBM’s Passport Advantage Agreement (IPAA) is the master document for all of IBM’s distributed software – PVUs, RVUs, users, etc. that could be downloaded through Passport Advantage or Passport Express. The document briefly explains by default every IBM client is licensed at full capacity unless they install ILMT and run it as described.
With ILMT, a client can license their distributed environment by sub-capacity. This greatly favors any environment with virtualization and reduces the amount of PVU and possibly RVU-metric software required. Sub-capacity allows you to license only the processing power allocated to IBM’s software rather than the entire server. IBM offers ILMT at no cost for the license (D561HLL) or annual support (E0256LL).
There are opportunities at every stage of an IBM audit to reduce the quantity of violations and amount of penalties you will owe.
Here are some tips:
- ILMT report verification – If you’re running ILMT, verify the report. With the complexity of IBM software, their tool may not be reporting the correct number without some tweaks. The ILMT reports are simple to read once you get the tool up and running so it’s possible that you could be on top of any deployment of software using the PVU or processor value unit metric before you receive that audit letter.
- Authorized Named Users – For users where you have authorized name users, if you’re running another software asset management tool in your environment, look at your end user workstations and compare the head count to your licenses. Don’t forget anyone that may be on Citrix, or accessing the software by another method.
- Look at the programs themselves – For example, Lotus Notes has a names.nsf file. How many users are listed there? Are there old employees that need to be cleaned out, or ancient group email boxes that are no longer used? Do you have floating or concurrent user licenses that are not on IBM’s new token metric? Is there a tool that meters the usage so you can compare it to the license entitlements?
These are some simple ways to approach audit shortfalls and possible penalties in advance, but when you’re in the middle of an audit it’s important to just work through the results as best you can. Look for errors at every turn; ask questions for things that don’t make sense. The auditors are patient and will go through it with you. They might even suggest a comparable or upgraded license that can backfill a shortfall.
Between the time of the audit notification and the time for the discovery, how does IBM account for changes in the environments?
The audit is done at a point in time. If you’re running ILMT, the tool is set up to report a high-water mark for the quarter. IBM and their auditor will see that – remember, you are asked to keep two years of reports on file for IBM’s use.
If you do not run ILMT, the peak usage may be invisible to IBM, BUT why would you license for full capacity? Full capacity is not favorable to anyone running IBM software that has a hardware-based metric in a virtualized environment. That includes hosted environments too.
Without ILMT, the audit results for full capacity will frequently be judged worst-case. If you have a virtualized cluster on a mixed set of hardware, that VM session may be counted on the largest server in the group because at any time, it may have run on that hardware.
We certainly have received a lot of queries in the past year about monitoring tools and while there are some very interesting tools that seem to have reached some type of maturity out there, the simple fact is that no matter how wonderful the monitoring tool may be there simply is no tool out there that allows for comprehensive monitoring. Currently, there are no monitoring tools that consistently tracked all Oracle applications or even most Oracle applications from what we’ve seen of the market. The identification of Oracle application usage is much more difficult than the Oracle technology products like database. And even with the database, there are extreme shortcomings in many of the discovery tools we’ve come across (not for lack of trying to close the gap on the part of the discovery tool vendor). Discovery tools would find great difficulty with applications as there are many factors that come into play such as View Only report generators, advanced users, particular licensing nuances built into contract and many more scenarios that prevent accuracy of a monitoring report.
Remember that a discover tool’s function is only for discovery and is only the first step in the process. You’ll also need to confirm compliance as license compliance covers areas that go beyond the scope of physical use or rights tracking. There maybe one or two good ones out there for Oracle that help jump start the process, but the fact is that they aren’t comprehensive and have understandable limitations.