IBM Software Licence Compliance Things that you need to know
by user
Comments
Transcript
IBM Software Licence Compliance Things that you need to know
IBM Software Licence Compliance Things that you need to know About HW Fisher & Company 80-year old, top 30 audit and accountancy firm based in London 300 partner and staffs, £24 million turn over, 7,000+ active clients Fisher IT Asset Consulting (FIAC) is the strong licence audit and advisory arm of Fisher, with over 20 years sector experience Eric Chiu Ex-lead IBM licence auditor Experienced SAM architect Directed multiple global audit defence engagements 1 A snapshot of IBM LICENSING COMPLEXITY 2 The challenge Massive product portfolio High per-unit licence cost Complex licensing rules Frequent acquisition of new software companies Complex and long history rule changes Hard to manage virtual licensing mechanism (sub-capacity) Mostly non-windows, datacentre software No built-in licence control / tracking mechanism 3 IBM LM Knowledge Map Contract Metrics Technical Audit General PA knowledge General product knowledge Sub-capacity restrictions Process awareness Legacy contract types General metric knowledge ILMT / TAD4D configuration Self-audit capability EESO & substitution clause Value unit metric conversion Component level bundling Challenging audit reports S&S to Base Licence Reconciliation Version and edition restrictions Contractual level bundling Commercial negotiation tactics 4 What you want to know for an IBM licence audit LET’S TALK ABOUT AUDITS 5 IBM Compliance Background Key facts about IBM Software Licence Compliance Programme Compliance team sits under software sales organisation 6 Compliance Managers in UK & I Compliance revenue is major income stream IBM Customers 6 The Audit Process Selection How to stay under the radar? Notification Scoping & Initiation Data collection How to buy some time or come clean? What to include and when What to share / submit? Data analytics and validation How to avoid unnecessary work? Factual accuracy discussion 3-way hand-over Settlement discussions How to validate an audit report? What “facts” to agree to? How much to liability to accept? 7 6 Key Risks 1) Virtualisation Sub-capacity eligibility and requirements; Clustering, VMotion and device relationships; Hard and soft partitioning; 2) User access control / User management Default user access rights (all admin / advance users?) Removing / disabling legacy user / audit trail 3) Server role definition Production / Non-Production / DR Hot / Warm / Idle standby Active / Passive clustering 4) Multiplexing Accessing database through a concentrator / application layer 5) Application specific restrictions Basic edition will allow up to 4 CPUs and 16 GB of memory; 8 The 6th Risk – Human Error “These are our Test/Dev servers, so we didn’t put ILMT agents on them” “These servers are owned by our service provider, so I guess we do not need to worry about what’s on them” “Isn’t it 50 PVU per core for multi-core processors, and 100 PVU per core for single-core processors? Easy!” “We don’t think there is a way to measure concurrent sessions so we didn’t monitor it” “Those are test accounts and there is no point to licence them” “But our tool says…” 9 Why your SAM tool won’t help Apart from data quality / GAGO issue: Limited discovery capability in the Linux / Unix world Most metrics are not simple user or installation based Reporting cannot be tailored for complex licensing models IBM does not accept 3rd party reporting tools for sub-capacity (PVU) reporting – strictly ILMT or TAD4D only This is why IBM auditors do not use or accept any 3rd party tools during an audit. Your tool can work only if you have the knowledge to perform the entire audit process manually. 10 Pre-Audit Checklist Entitlement consolidation & reconciliation Check your sub-capacity eligibility, sign-off reports Verify scope – ownership and liabilities Verify the completeness and accuracy of your hardware inventory data Check your ILMT / TAD4D bundling rules Build your own Effective Licence Position 11 Selection of useful information for IBM License Management EXAMPLE KNOWLEDGE 12 Contractual Entitlement Mapping What you can see from IBM's records Partno. E025SLL (RAW) Part Description WEBSPHERE APPLICATION SRVR NETWORK DEPLOYMENT VU ANNUAL SW S&S RNWL WEBSPHERE APPLICATION SRVR NETWORK DEPLOYMENT VU LIC + SW S&S 12 MO WAS NETWORK DEPLOYMENT SUBCAP PROCESSOR LIC + SW S&S 12 MO WEBSPHERE APPLICATION SRVR NETWORK DEPLOYMENT PROCESSOR LIC + SW S&S 12 MO D55WJLL D54GZLL D5ALTLL Raw Quantity 83808 Startdate 01/04/2013 Enddate 31/08/2014 6 28/03/2007 31/12/2012 48 28/06/2006 30/06/2007 556 31/12/2002 30/06/2007 What you need to understand for your own records # Partno. 492 E025SLL SubCleansed Product Nam e Fam ily WebSphere MQ WebSphere Application Server Netw ork Deployment 493 D55WJLL WebSphere MQ WebSphere Application Server Netw ork Deployment 494 495 D54GZLL D5ALTLL WebSphere WebSphere MQ MQ WebSphere Application Server Netw ork Deployment WebSphere Application Server Netw ork Deployment Fam ily Type Metric Support & Maint Processor Value Unit Base licence Processor Value Unit Base licence Processor Base licence Processor Base Current Maintenance Entitlem ent Maintenance Expiry Date 60,406 83,808 31/08/2014 6 4,800 55,600 13 Metrics 1) Virtualisation Sub-capacity eligibility and requirements; Clustering, VMotion and device relationships; Hard and soft partitioning; 2) User access control / User management Default user access rights (all admin / advance users?) Removing / disabling legacy user / audit trail 3) Server role definition Production / Non-Production / DR Hot / Warm / Idle standby Active / Passive clustering 4) Multiplexing Accessing database through a concentrator / application layer 5) Application specific restrictions Basic edition will allow up to 4 CPUs and 16 GB of memory; 14 PVU Table http://www-01.ibm.com/software/passportadvantage/pvu_licensing_for_customers.html 15 AUVU Table 16 Tivoli Mapping 17 What we can do for you Onsite & offsite training Managed Reporting Audit defence Internal audit Compliance Baseline & Optimisation 18 Contacts Eric Chiu Fisher IT Asset Consulting Director Tel: +44 (0) 202 7554 3014 Mob: +44 (0) 7540 123 970 E-mail: [email protected] Stuart Burns Fisher Forensic Partner Tel: + 44 (0)20 7380 4964 Mob: +44 (0)7798 532 789 E-mail: [email protected] Rafi Saville Fisher Forensic Partner Tel: +44 (0)20 7874 7967 Mob: +44 (0)7968 162 651 E-mail: [email protected] WWW E www.hwfisher.co.uk/fiac [email protected] 19