Miro Consulting specializes in software license audit defense, license management, subscription management, and cloud services, for Oracle, Microsoft & IBM.

Oracle License Compliance Issues Related to API Usage

Users who have no direct access may still need licenses, if they use a system that connects via an API

APIs (Application Programming Interfaces) are utilized in all applications to allow programmers to interface with other applications or devices. It is common for us to find organizations that have underestimated the software licensing impact of leveraging the APIs of their Oracle applications and products. Oracle applications typically utilize an “application user” metric. It is logical for organizations to only consider the user IDs in their system for calculating software licensing requirements. Unfortunately, they may overlook the fact that an API utilizes a user ID itself.

It may also be thought that licensing that single API user ID is sufficient. However, that is not the case. Oracle considers such use as a form of multiplexing, which obscures the true count of users accessing the application. This also has the potential of falling under Oracle’s concept of batching if an external home-built application compiles all incoming data from users and delivers it at once through an API. This is why Oracle counts users at the front end of usage.

All users that are utilizing the external application or interface that feed data into the Oracle application through the API must be licensed for the Oracle application. It is common for users of Oracle E-Business to incorporate the use of APIs to pull data from external sources, and this is a typical source of software compliance issues. However, this situation can impact any Oracle program that utilizes a user licensing metric and receives data from external sources into an API, which includes Oracle Database.

Examples of API Connected Systems:

  • CRMs
  • ERPs
  • Mobile Apps
  • Point-of-Sale
  • Scanners
  • Business Analytics

Identifying software compliance issues in these situations can be very confusing as there are many different usage scenarios, licensing metrics, and differing license rules across all Oracle products. If you have any usage situation that you feel could fall into the situation described above please contact Miro Consulting.

Is Cognos Putting You Out of Compliance with IBM?

In the past couple of years, Miro has seen clients with IBM Cognos that all seem to have an issue.


The first one is the easiest to explain – Cloud.  IBM offers SaaS IBM Analytics.  It includes both Cognos Analytics and Planning Analytics (TM1), along with dashDB and Bluemix too.  IBM does a good job getting around to their Cognos and Planning clients to discuss the possibility of them moving to IBM Analytics, which results in questions to Miro.

Like everything else, the answer starts with ‘it depends’.  We’ve seen multiple ‘Bridge to Cloud’ presentations from IBM.  The common feature is that IBM suggests clients explore IBM Analytics before making a decision.  They can run both on-site and cloud side-by-side, and then after a period of time decide whether they want to remain on-premise or finish migrating to IBM Analytics in the cloud.  This seems similar to the dual entitlements that IBM offered to their Lotus Domino clients.

We believe the main point that would create an obstacle is the version of Cognos deployed in your environment.  If it’s not the same version as the cloud version, do you want to upgrade?   The on-site Cognos Analytics and Cognos Planning Analytics (TM1) would need to be on version 11 (at the time I wrote this blog).

IBM’s offers have been customized to meet the individual’s needs.  If you’d like to know more about IBM Analytics, before contacting IBM directly, IBM has a presentation online at$file/Cognos%20Analytics%20on%20Cloud%20Presentation.pdf

and the service description that you can read through$file/i126-6858-03_12-2015_en_US.pdf



The second issue is the opposite of the Cloud issue.  What if you still have a legacy support agreement that includes Cognos?  What should you do?

Again, ‘it depends’.

  • We’ve seen the old Cognos support priced high for the ability to migrate to later versions of Cognos. The client wanted to remain on that agreement for the terms.
    • Are they good terms?
    • Are they not comfortable with the current way Cognos is licensed or is there a lack of awareness?
  • Licenses may not be listed, or if listed not detailed, in Passport Advantage
    • We’ve seen the legacy Cognos agreement not treated with the same weight as current Cognos licenses in Passport Advantage during a software audit. It created an unnecessary burden for compliance.  In one case, the auditor would not even annotate the exception language in the document to their Effective License Position (ELP).  It was left as a license shortfall, as if there were no license entitlements, when the ELP was handed off to IBM to begin the settlement phase.
    • I’ve also seen the legacy agreement be a perfect fit for a client’s usage of the product both currently and when they signed the agreement. This led to a productive discussion during their IBM Software License Review with both the auditor and IBM.

Current Licensing

IBM acquired Cognos in 2007 but did not immediately blue-wash the license metrics or bundle them differently.  Licensing Cognos seemed complex to the IBM software licensing mindset with about a dozen different user licenses to match the types of user roles assigned within the product.

In 2014, IBM simplified Cognos to narrow the users into less licensable categories.  The licenses required are still based on the roles assigned within Cognos.  This may be an issue if the Cognos administrator is unaware of licensing, but ignorance of quantity and type of user licenses is more universal Software Asset Management (SAM) rather than specific to Cognos.

The bigger issue is any migration to PVU metric licenses.   Commonly the Information Distribution users (receive reports) are licensed by PVU because they should be the largest class of user.  The license change intention was to make it more cost effective to distribute reports directly to many users because only the server requires licensing.

If this was not communicated well within an organization, there could be a blind spot as other Cognos servers are set up without procuring additional PVU licenses.  Contact Miro to discuss your Cognos and IBM compliance concerns.

Is Your Organization Out of Software Compliance following a Merger, Acquisition, or Divestiture?

Executive SummarySoftware Compliance following a Merger, Acquisition, or Divestiture
A merger, acquisition or divestiture initiative can pose a serious software license management risk. When considering such initiatives, organizations should review all licensing agreements to ascertain if they are freely transferable between organizations. Non-compliance can lead to an audit failure, significant penalties, and expensive software purchasing fees that can be completely unexpected and at times unnecessary.

Software licensing agreements typically include language that states licenses as non-transferrable and may be unusable until the organization obtains the software vendor’s consent. Therefore, organizations should include clauses relating to acquisitions and subsidiaries before entering into a service agreement. These are necessary to both protect the organization and to provide the flexibility to expand and contract depending on organizational needs and changing market conditions.

Merger, acquisition, or divestiture activity is a key trigger for software audits. Software vendors know that many organizations considering a merger, acquisition or divestiture initiative go through a period of integration, migration, and decommissioning to eliminate redundancies, reduce costs, and increase operational efficiency and quality. However, service agreements may include license metrics that would automatically put the organization out of compliance at the time of a merger or acquisition should such metrics exceed the license base thresholds. As a result, the software vendor may demand a license review or full license audit to determine if the newly formed organizational structure is in compliance. Non-compliance may result in the organization paying significant penalties and purchasing additional software licenses that may be unnecessary considering consolidation plans in the near future.

Many organizations do not consistently maintain software license inventories and a lack of management may result in non-compliance and significant penalties. Organizations should also review all licensing agreements to identify any gaps in regards to software installations, licensing, and usage. This may be challenging if software inventories were not maintained and multiple licensing agreements and different licensing types were purchased over time and spread across different divisions and geographic locations. Maintaining software inventories saves time in the event of an organizational change or if the software vendor demands a license review or full license audit. In the case of an acquisition, the acquiring organization has an opportunity to negotiate terms if there are any gaps in compliance before the transaction takes place; otherwise, it is the new owner’s responsibility to assume all costs relating to non-compliancy.

Software vendors often demand a license review or full software audit following a merger, acquisition or divestiture to determine if the newly formed organizational structure is in compliance. Non-compliance may result in the organization paying significant penalties and repurchasing software licenses and applicable support at a higher cost. Please contact your trusted Miro Analyst or Miro Account Manager if you are considering or have recently gone through a merger, acquisition, or divestiture initiative. Miro can assist your organization with assessing all of the risks and opportunities to maximize your software investment while ensuring a fully compliant environment.

Will You be Forced to Use a Microsoft CSP?

Discontinuing Microsoft Software Assurance is no longer an option

Microsoft is significantly advancing its cloud services by transitioning their existing customer base to Office 365, Exchange Online, and the various Azure offerings. It also involves upselling existing cloud customers on a broader range of services. The most notable of these is Microsoft 365, a suite of Office 365, Windows (client), and Enterprise Mobility + Security (“EMS”).

Yet another strategy has emerged as Microsoft seeks to ramp up its smaller customers. Small businesses needed the computing power and the applications Microsoft offered, but the small businesses lacked the technical resources to do manage the installations on their own. These organizations have now opted for Office 365 and other cloud services as a worry-free alternative.

This new strategy is the Cloud Solution Provider or “CSP” program. Microsoft has extended the CSP program to its existing partners as a way to grow, citing the partner’s relationship with the customer, longer-term agreements, predictable costs, and increased revenue. Essentially, these partners become indirect resellers of Microsoft’s cloud services. Initially, at least, the terms of the CSP program are very favorable to the partner, with terms like a single seat to start, the ability to add or subtract seats on a monthly basis, and incentives in addition to the partner’s margin.

So what is Microsoft’s motive? Beyond wanting a bigger piece of the overall cloud market, there are other factors at play. The first is to drive continual revenue through subscriptions. The ability for a customer to reduce its spend on Microsoft by discontinuing Software Assurance is no longer an option. Second, the maintenance of Microsoft-hosted solutions is controlled by Microsoft. This can help reduce the costs associated with technical support by limiting the number of supported product versions in the field.

Is the cloud right for your organization? There’s more to it than we’ve covered here. Contact Miro Consulting to discuss your current state as well as your future plans and objectives.

8 Signs You’re About To Be Audited For Non-Compliance

Oracle Software Audits, Microsoft Software Audits and IBM Software Audits can be challenging, time consuming and expensive.  Preparation is the key factor.  If these items apply to your organization, it’s likely you could soon be audited for non-compliance.

1. Merger, Acquisition or Divestment

Software companies like Oracle, Microsoft and IBM know that tracking software assets can be difficult during a merger, acquisition or divestment. When databases get merged and assets combined, licenses are often the last thing on IT staff’s list of tasks. While everyone is focused on getting critical business systems online, software companies take the moment of weakness as an opportunity to audit their clients.

2. Backed out of a purchase

If you recently negotiated a purchase with a software vendor, but then declined to finalize the deal, you are very likely about to be audited. Vendors may assume that you still need those licenses and subscriptions, and that you are trying to avoid paying for them. Unless you are working with a licensing specialists and have complete documentation for your entire environment, an audit is very likely in your near future.

3. Past Noncompliance

If you’ve been audited in the past, you are a prime target for future audits. Some software vendors like Oracle, IBM and Microsoft may audit companies in as little as 18 months from their last audit. During a software audit, compliance teams may look to see if your organization is setting up a system or process for license management.

4. No License Management

If a software vendor is conducting an audit, and they see that the target company is not planning for the future by setting up a process, team or outside consultant to oversee the licenses and subscription management of an organization, they may mark that client for future audits. Not having a license management specialist in place is a sign of vulnerability which vendors may exploit.

5. Reports of Organization Instability

Are there press reports or industry journalists reporting a rising level of instability within your organization? Software vendors have learned that executive departures, office relocations, downsizing or rapid growth are all signs of likely non-compliance at an organization. These red flags may often trigger a software audit.

6. Your Rep is suspicious

Software vendors like Oracle, IBM and Microsoft have trained their sales reps to look for suspicious behavior at the organizations in their territories. If your sales rep is calling you and asking you a lot of questions about your environment, this is frequently a sign of an incoming software audit.

7. Virtualization or Cloud

If you’re organization is looking to move to the cloud or using virtualization, the chances of a software audit greatly increase. There are many complex and ever changing rules regarding virtualization, having to do with processors, cores and server counts. When you factor in virtualization in the cloud, even more rules apply. While companies often employ these technologies to reduce costs, they can lead to audits that cost more in the long term.

8. Your Licensing Expert Leaves

Did your licensing expert just leave the company? If so, your software vendor probably knows. License compliance teams at software vendors like Oracle, Microsoft and IBM keep track of how your organization is managing its licenses and renewals. Using outside consultants is a common strategy used by many large enterprise clients as a way of avoiding audits when personnel changes.

With proper experts managing your licenses and compliance, organizations can be well prepared for the inevitable software license audit.  Miro can help your organization with software audit compliance, license management, subscription management and cloud services.  Contact Miro today if you’re facing a software audit or want to know if you’re ready to be audited.  Our experts can review your environment and let you know if you’re out of compliance or paying too much for licenses and subscriptions.

Oracle Applies AWS Hyper-threading Policy to Microsoft Azure

Oracle Applies AWS Hyper-threading Policy to Microsoft Azure

On January 23, 2017, Oracle updated its policy about licensing Oracle software in cloud computing environments. The impact to current AWS and Azure subscribers are:

  • An AWS vCPU equates to one (1) hyper-thread of a Xeon CPU core – essentially half of the previous value.
  • Oracle no longer applies their core factor against core usage within these environments.
  • The policy had previously applied to all processor based licenses, where as the new policy only applies to certain ones.

The new change on January 23, 2018 concerns the Microsoft Azure environment. When Oracle originally distributed its revised policy, Microsoft had just started to hyper-threaded instances.

Oracle’s policy was largely silent on Azure, with the exception of no longer applying the core factor. With Microsoft now offering hyper-threaded instances, the new Oracle policy for Azure environments is essentially the same as for AWS environments. This had been predicted by Miro.

If you have any comments or questions, you are invited to contact Miro Consulting to discuss your current state as well as your future plans and objectives.

Oracle Support Contracts Now Auto-Renew

Oracle Support Contracts Now Auto-RenewOracle Support Auto Renewal

During the late summer and early fall of 2017, Oracle made a significant addition to the Oracle Support policies but was largely silent on this change. While there are references to Online Renewal within Oracle’s websites, the most impactful change concerned auto-renew.

Automatically renewing Oracle Support Contracts, designed to make it easier for Clients, has become the default method. Instead of receiving the Support Contract and thereby offering the customer the chance to review it, the customer simply receives an invoice that doesn’t clearly detail its costs.

There are several issues with this:

  • Based on policies within the customer’s organization around signing authority, some smaller Support Contract fees could be simply pushed through.
  • As some programs are de-supported, they will no longer appear on the Support Contract. This might serve as a trigger for some customers.
  • Some programs might be transitioned to the Oracle Cloud in which case the support fees would be set aside (“parked”) if the on-premise program is no longer being used.
  • Customers may have a charge-back system in place for which the cost detail of the Support Contract is essential.
  • License migrations might have occurred during the last support cycle which ought to be reflected in the latest Support Contract.

In all of these cases, the lack of Support Contract detail can become very detrimental to a customer. Miro advises that great care be taken before opting into auto-renewal.  Better yet, opt out, and reach out to Miro for more information.

Miro support renewal management provides a dedicated support renewal rep that can assure timely renewal, accurate support line items, and the lowest cost of renewal. Customers on average save up to 15% on Oracle Support contract renewals with Miro.

Modern Policies Supersede Legacy Software Contract Terms

Modern Policies Supersede Legacy Software Contract Terms

Server Metric
Modern-Policies-Supersede-Legacy-Contract-Terms-Oracle-IBM2Just because a legacy contract doesn’t include rules on virtualization or multi-core processors, it doesn’t mean the organization can simply ignore the vendor’s current policies on those subjects.  When virtualization technologies were developed, software vendors changed the way servers were licensed.  When a server had a single processor and core, the entire server was licensed as a Server metric.

With the introduction of hardware with multiple processors and then multi-core processors, both Oracle and IBM weighted their licensing based on the processing power of the multiple cores and different processor manufacturers, and issued tables to calculate licensing.  Very few customers still have Server metric licenses, so they need to accept and apply these Core Factor or PVU tables to determine licensing requirements.  To refuse the new rules would likely mean your organization could no longer use server-based software from either Oracle or IBM.

Most software of this type is now licensed based on the computing power of the hardware it’s installed on.  Oracle has both Processor and Named User Plus licenses currently, and IBM has Processor Value Units (PVU) and Resource Value Units (RVUs) where the licensed Resource may be defined as managed cores or another hardware-based quantity.

Different methods have been introduced to allow multiple physical servers to be grouped together as nodes, clusters, and larger entities like vCenters.  With the ability to carve up the processing power available to applications, organizations demanded a fairer method to license their software deployments because most of the time, they were no longer allocating the entire processing power of the entire physical server(s) for their applications. Oracle and IBM selected slightly different methods on determining licensing in virtualized environments.

Oracle Virtualization
Oracle defined possible virtualization methods into two types: hardware-based and software-based.  If a client uses a hardware-based method which they call Hard Partitioning, they can license software for the processing power allocated to the application.

If it is software-based, a customer does not receive the licensing concession.  Oracle has made an exemption for their own Oracle Virtual Machine (OVM) if certain criteria is met, including pinning the virtual machine to specific processor cores or threads.  If you cluster an OVM (or LPAR) server to another server, the exemption does not apply. If a customer rejects the vendor’s requirements to limit the full processing power of the physical hardware, then the vendor will automatically conclude that the customer must license the full extent of processing power.

IBM Virtualization
IBM introduced their IBM License Metric Tool (ILMT).  ILMT receives information from the server agents every 30 minutes, and compiles a report of IBM software with a hardware-based metric with the associated calculations, so the deployments are converted to the number of PVUs or RVUs.  If an IBM software customer installs ILMT and meets the terms in the IBM Passport Advantage Agreement (IPAA), they are eligible for sub-capacity licensing. Again, If a customer rejects the vendor’s requirements to limit the full processing power of the physical hardware, then the vendor will automatically conclude that the customer must license the full extent of processing power.

There’s no reason to license the entire physical server when the application only receives the benefit of a fraction of its processing power.  Most organizations would be wise to take advantage of virtualization technologies as a means of cost savings, wherever possible.  Those that do must acknowledge the rules and policies that govern the usage of virtualization and other modern developments like multi-core processors and servers.

If your strategy is to claim any of the modern rules and policies don’t apply to your legacy contract, you’re going to have a bad time.  It’s a red flag to the software vendor that your organization is out of compliance, and it will become a high priority target for an audit.

Miro can help your organization right-size it’s licensing portfolio for it’s needs. We strive to understand the vendor’s concerns, and determine methods that can be less onerous than a vendor’s initial position, but still address the concerns of the vendor. This enables our customers the ability to develop a position that meets their needs, but in a way vendors will accept.

Call or email us today to learn how we can save your organization time, money and resources, as well as help assure compliance with virtualization and other modern rules and policies.