Miro Consulting, Inc. Audit Trails

Minimizing audit penalties with IBM

There are opportunities at every stage of an IBM audit to reduce the quantity of violations and amount of penalties you will owe.

Here are some tips:

  • ILMT report verification – If you’re running ILMT, verify the report. With the complexity of IBM software, their tool may not be reporting the correct number without some tweaks. The ILMT reports are simple to read once you get the tool up and running so it’s possible that you could be on top of any deployment of software using the PVU or processor value unit metric before you receive that audit letter.
  • Authorized Named Users – For users where you have authorized name users, if you’re running another software asset management tool in your environment, look at your end user workstations and compare the head count to your licenses. Don’t forget anyone that may be on Citrix, or accessing the software by another method.
  • Look at the programs themselves – For example, Lotus Notes has a names.nsf file. How many users are listed there? Are there old employees that need to be cleaned out, or ancient group email boxes that are no longer used? Do you have floating or concurrent user licenses that are not on IBM’s new token metric? Is there a tool that meters the usage so you can compare it to the license entitlements?

These are some simple ways to approach audit shortfalls and possible penalties in advance, but when you’re in the middle of an audit it’s important to just work through the results as best you can. Look for errors at every turn; ask questions for things that don’t make sense. The auditors are patient and will go through it with you. They might even suggest a comparable or upgraded license that can backfill a shortfall.

Share
Tagged with:

IBM Audits in a changing environment

Between the time of the audit notification and the time for the discovery, how does IBM account for changes in the environments?

The audit is done at a point in time. If you’re running ILMT, the tool is set up to report a high-water mark for the quarter. IBM and their auditor will see that – remember, you are asked to keep two years of reports on file for IBM’s use.

If you do not run ILMT, the peak usage may be invisible to IBM, BUT why would you license for full capacity? Full capacity is not favorable to anyone running IBM software that has a hardware-based metric in a virtualized environment. That includes hosted environments too.

Without ILMT, the audit results for full capacity will frequently be judged worst-case.  If you have a virtualized cluster on a mixed set of hardware, that VM session may be counted on the largest server in the group because at any time, it may have run on that hardware.

Share
Tagged with:

Oracle applications: Any Good Discovery/Monitoring Tools Out There?

We certainly have received a lot of queries in the past year about monitoring tools and while there are some very interesting tools that seem to have reached some type of maturity out there, the simple fact is that no matter how wonderful the monitoring tool may be there simply is no tool out there that allows for comprehensive monitoring. Currently, there are no monitoring tools that consistently tracked all Oracle applications or even most Oracle applications from what we’ve seen of the market.  The identification of Oracle application usage is much more difficult than the Oracle technology products like database.  And even with the database, there are extreme shortcomings in many of the discovery tools we’ve come across (not for lack of trying to close the gap on the part of the discovery tool vendor).  Discovery tools would find great difficulty with applications as there are many factors that come into play such as View Only report generators, advanced users, particular licensing nuances built into contract and many more scenarios that prevent accuracy of a monitoring report.

 

Remember that a discover tool’s function is only for discovery and is only the first step in the process. You’ll also need to confirm compliance as license compliance covers areas that go beyond the scope of physical use or rights tracking. There maybe one or two good ones out there for Oracle that help jump start the process, but the fact is that they aren’t comprehensive and have understandable limitations.

Share
Tagged with:

Saving on PVU-based IBM software

IBM accepts a wide variety of virtualization technologies including VMware.

With IBM allowing subcapacity licensing, there is a misconception that this method of counting licensing is automatic. Please refer to IBM’s licensing rules. Currently the Passport Advantage agreement is in effect and it is only 9 pages long –

http://public.dhe.ibm.com/software/passportadvantage/PA_Agreements/PA_Agreement_International_English.pdf

With subcapacity licensing, you have reporting responsibilities. Either use IBM License Metric Tool (ILMT), or if exempt follow the alternate reporting method described by IBM.

Once you’ve passed this hurdle, you are now a subcapacity customer of IBM’s for your software that is licensed based on the hardware it’s installed on. Now you can dive deeper into controlling licensing costs for this type of software or at least avoid a rude awakening following a hardware refresh.

You can check out the IBM PVU table to compare the PVUs required per core for your current or future hardware. If your old hardware was 120 PVUs per core and if you just copy the partitions on the hardware that’s 80 PVUs per core you’re now ahead of the game! If your environment is 80 PVUs and you’re moving to 120 PVUs per core that’s not in your best interest unless you have a lot of extra licenses.

Let’s say you’ve decided to outsource your environment for a different sort of cost savings. This can be a whole other beast to tackle. Your hosting company may not be under any obligation to inform you of any of their hardware changes; their obligation to you, as the customer, may be to only meet their contractual Service Level Agreements (SLAs).

Will the hosting company run ILMT for you? If they won’t, do you have an exemption to manually report your software usage? Do you need to ask IBM for a specific exemption for your new hosting set-up and are you ready with a plan to measure that software usage?

Share
Tagged with:

IBM Audits – Timing and Reporting

How far back does an IBM Audit go? Typically IBM Audits look at two time periods.

The initial look at your environment is a point-in-time review, like a snapshot. The auditor will review your last quarterly ILMT report besides running scripts against today’s set-up.  They would also expect answers to their questions to regard the current state.    The script outputs for some products may have historical data such as high water marks for concurrent or floating users.

If there is further information needed, the auditor may request the complete two years of ILMT history that a client is required to have on hand per the IBM Passport Advantage Agreement (IPAA).

Two years is also the back support ‘penalty’ for license shortfalls, unless the client deployed the excess within the last 24 months.

For more resources on IBM audits, you can request a copy of our comprehensive white paper here. We also have upcoming IBM Webinars on our events page at various dates throughout the year.

Share
Tagged with:

IBM ELAs

If you’re heavily using IBM in your environment and that’s your main line of business software and you plan to continue with that investment, we recommend taking advantage of IBM ELAs as they contain many favorable options such as:

  • Enterprise License, more fondly known as ‘All you can eat’ – we have seen ELAs for a limited software product that you can download and install as much as you want and then at the end of the ELA, you report the number deployed to IBM.
  • License swapping – allows you to retire your shelfware. This is mostly applicable to the same product family, but IBM has granted rare dollar for dollar swaps.
  • Enterprise CAP – if you have trouble forecasting what you’re going to need in the future, you can give IBM the list of the products you need and they could put into your ELA what they call an enterprise CAP system or CAP where you pre-pay for the software and then as you install it you draw down and report to IBM what’s been deployed and apply it against your pre-paid dollar limit as you’re working through the course of the ELA.

Another advantage of IBM ELAs is that most support costs are known for the length of the ELA. Prior to the start of any ELA, you could ask for any of your current IBM software to be excluded for the long-term contract and renew support annually. Annual renewal allows the potential to drop support. For example, one of our clients pulled Lotus Notes out of their ELAs because they planned to transition to Microsoft Outlook during the course of their IBM ELA.

There are many advantages to an ELA, BUT it will not protect you from a software audit. All IBM software is auditable.

Share
Tagged with:

Embedded versus Full Use Oracle License

There’s no technical difference between an embedded version of an Oracle license and a full use version of an Oracle license.  It’s essentially the same product.  The only difference is the licensing definition and rules that pertain to each.  When you purchase an Oracle license, you do not own the license; you just simply own the right to use the software in a very specific way.  When you have an embedded license versus a full use license, it’s the same software.  Essentially, the only the difference is what you have rights to do with that software which could be radically different.  With an embedded license, you’re essentially restricted, in some cases, to use only the application in which the embedded license is supporting and there’s typically usage boundaries of the embedded license that are negotiated during purchase.

 

Again, there is no technical difference, but traditionally there are licensing definitions and/or restrictions on embedded versus full use.

Share
Tagged with:

Is ILMT implementation a catalyst for an IBM license review?

First, let’s define ILMT. ILMT is short for IBM License Metric Tool that helps organizations to track and maintain PVU deployed software for full and sub-capacity environments. Secondly and a very important point, any software customer of IBM’s under the Passport Advantage Agreement is eligible for a license review, or in other words, an audit.   

IBM audits customers regardless of their ILMT use or non-use including the following scenarios:  

1 – An enterprise that claims they have never heard of ILMT

2- Organizations that say they have no license entitlement to ILMT

3- Companies that have downloaded ILMT

4- Clients frequently updating ILMT table definitions

If you would like to opt for sub-capacity licensing, you can and must, with little exception, install the IBM License Metric Tool. The reports are kept on-site, not transmitted to IBM. You would have to manually submit them to IBM or the company’s auditor. In a virtualized environment, sub-capacity licensing is more advantageous and requires fewer licenses most of the time. If you do not want to install ILMT, there is no penalty. You can continue to license IBM software at full capacity, the default licensing method.

Interested in further reading on ILMT? Request our white paper  IBM ILMT: Clarifying Misconceptions & Anxieties. Request white paper

Share
Tagged with: