IBM Passport Advantage bombshell
IBM drops a licensing bombshell with major reporting changes coming to IBM Passport Advantage from May 1 2023
Hot on the heels of Oracle’s change to Java licensing IBM have published an update to the Passport Advantage agreement. An update which significantly increases the measurement and reporting required by any organization running IBM software. The result is a significant increase in compliance risk for IBM users.
UPDATE 8th JUNE 2023: Flexera launches solution for measuring IBM Passport Advantage usage
What’s changed?
IBM’s Passport Advantage agreement governs most volume license purchases from IBM. On February 1st, 2023, Clause 4.1.a (License Verification) changed to the following (our emphasis):
“Client will, for all Programs at all Sites and for all environments, create, retain, and each year provide to IBM upon request with 30 days’ advance notice: i) a report of deployed Programs, in a format requested by IBM, using records, system tools output, and other system information; and ii) supporting documentation (collectively, Deployment Data).”
What does this mean?
This change means that you as the customer are contractually required to measure consumption of IBM licenses, in order to provide a report to IBM on their request within 30 days. This must be done once per year.
The scope is all programs covered by the Passport Advantage agreement, and also the International Program License Agreement (IPLA). The clause has been in the IPLA since October 2021. It also applies to licenses covered by Passport Advantage Express.
Previously the License Verification clause in these agreements merely required customers to provide sufficient records and outputs to IBM and its appointed auditors in order to verify compliance. As such, this amendment represents a considerable tightening of the rules. Many IBM licensees will be familiar with the need to keep continuous records for programs eligible for sub-capacity licensing but this change means that requirement is extended to every program.
This change also affects the audit process as IBM will use the report as the baseline for the audit, whilst still retaining the right to ask for additional information and deployment data. Essentially the annual report you provide becomes the baseline for the audit activity.
Compliance Challenges
As noted by IBM licensing expert Niall Eddery the primary challenge – beyond the loss of control – is that reliable reporting methods aren’t available for all IBM software and metrics. Beyond more common metric types such as Authorized User & PVU IBM have a large number of other metrics which may be difficult to measure. Furthermore, Niall notes that at the time of writing IBM have yet to publish the required reporting format, so currently we don’t know what to measure, how to measure it, and how to report it. Readers familiar with PVU licensing will recall that peak usage (high water mark) is important in measuring consumption – but we don’t yet know IBM’s requirement for reporting usage of other metric types.
Immediate Actions
If 2023 wasn’t already busy enough for ITAM professionals, this announcement also requires urgent attention. As pointed out by IBM licensing expert Piaras MacDonnell these terms take effect for existing customers on May 1, 2023 – three months after the initial announcement. For new customers they apply immediately.
The terms apply as of that date to new orders and renewals, so as soon as you renew S&S you’re subject to the new terms. Therefore, it’s vital that processes and technologies are put in place to continuously discover your entire IBM estate. It’s also vital that you have a full and accurate understanding of your current license entitlements as you’ll need this to estimate the cost of any non-compliance.
Given the complexity of IBM licensing it’s important that you don’t underestimate the impact of this change. Talk to your existing tool providers to see how they can help and also consider engaging third-party IBM licensing experts. There are a wide variety of options out there ranging from your reseller, IBM partners, and independent consultants and firms. Now is the time to start planning such an engagement because you must have strong confidence in your IBM licensing position in time for your next renewal.
Taking a longer-term view on IBM compliance and hoping you don’t get an audit letter is no longer an option – you must now, at least once per year, declare your license consumption to IBM. If that declaration shows a shortfall you then must comply with the Excess Use Resolution as detailed in section 10.3 of the agreement.
Summary
This license change greatly reduces the leeway IBM licensees have with regard to compliance. In some ways it’s similar to SAP’s approach with annual LAW reports. Your primary defense against an audit (control of information) has been removed. It would be prudent to assume that annual reports will be used by IBM’s compliance teams to select audit targets. With the increased risks now associated with IBM software this may make an offer to join the IASP program one you’d be unwise to refuse.
Can’t find what you’re looking for?
More from ITAM News & Analysis
-
ITAMantics - April 2024
Welcome to the April 2024 edition of ITAMantics, our monthly news podcast where we discuss the biggest ITAM stories from the last month. George is joined this month by AJ Witt and Ryan Stefani. Stories tackled ... -
Broadcom is removing expired VMware licences from its portal - take action now!
Hot on the heels of Broadcom’s announcement of the end of perpetual licences for VMware it has given customers barely a week to download any keys for licenses from its portal with expired support. This is ... -
Who Loses When Broadcom Wins?
News of a new Broadcom deal rarely arrives with great fanfare. The November 2023 VMware acquisition provoked open worry online and in business circles, with many critics wondering whether the former Hewlett-Packard spinoff’s reputation would prove ...