Virtualization is on the minds of most IT executives and administrators for several very good reasons, including a reduced data center footprint, lower overall IT costs, simplified server management, and a greener data center. But virtualization can also make it very difficult to track the use of software licenses. While it brings tremendous benefits, a virtualization strategy may be putting organizations at risk of violating their software license contracts -- a compliance nightmare that could cost hundreds of thousands or even millions of dollars.
Two Violation Scenarios Caused by Virtualization
“Soft” Server Partitioning Scenario
This is one virtualization scenario that can quickly put companies in hot licensing water. Many organizations don’t really understand the software licensing constructs they agree to -- and often, the person negotiating software license contracts is not the person responsible for the deployment and use of those licenses. So with all the good intentions in the world, an administrator may opt to use virtualization to soft partition a server instead of using hardware partitioning. Let’s say the administrator has a 24-way server and soft partitions four CPUs to run an instance of Oracle or a Microsoft application. The list price for a software license for Oracle, for example, is currently $47,000 per CPU, so the expected cost for four CPUs would be $188,000. But the software license agreements of both companies don’t recognize soft partitioning as a method of isolating application instances and would require counting all 24 CPUs on the server. In the above example, instead of being liable for $188,000, the company would find itself liable for a total cost of more than $1.1 million.
Load Balancing Scenario
A division within a large enterprise, such as an ecommerce division, recognizes it can reduce the cost of upgrading its load balancing capabilities for an Oracle database back end by building out its infrastructure with virtualized servers instead of physical servers. Instead of deploying a number of physical servers, the administrator of the Web site purchases licenses of VMware and automates the process of creating virtual machines, each running an instance of Oracle, as the current load requires.
Having purchased a sufficient number of licenses of VMware, the administrator may have no insight into the number of Oracle licenses being consumed by the virtual machines, unintentionally but quickly putting the organization in violation of its Oracle software license agreement.
Software Licensing and Virtualization
The problem is that virtualization introduces several unknowns. Even worse, software vendors and enterprises don’t really agree on a licensing model. Customers view virtualized licenses as a way to rearrange processing and reduce software costs. Vendors see the increased functionality as a way to position new value and justify a higher price. Enterprises need to fully understand the areas of compliance risk to ensure that they are using the licenses within their contractual rights.
The reality is that even with traditional deployments, applications contain no mechanism to ensure license compliance, and it’s very difficult to track the use of the software and map the use to the entitlements of the contract. Virtualization makes this process even more complex. In all likelihood, IT staff, who know little about the specific license terms, will deploy an application in a virtual environment and be violating those terms from day one.
Is a Software Audit in Your Future? Will Virtualization be a Factor?
Quite possibly. According to industry feedback, Oracle audits appear to be on the rise. Why would this be the case? Call it the perfect storm of a battered economy and mature market. Industry followers agree that customers often experience an increase in audit possibilities when the economy worsens.
The use of audits by Oracle during the current recession is certainly within the company’s rights and should not surprise customers. In addition, several other events can trigger an audit by Oracle and other software vendors:
- Contract renewals -- IT organizations should have a clear idea of how closely the existing contract aligns with current and planned deployments, so that those negotiating the new contract know whether to add licenses, reduce the scope of the agreement, or try to get additional entitlements bundled into the new deal. While preparing for a negotiation should be sufficient to encourage IT departments to do their own internal audit, the contract renewal period can itself be a trigger for a vendor audit.
- Corporate restructuring -- These events arise from M&A activity like divestitures, reorganizations, expansions, facility closings and more. In addition, IT infrastructure changes can result from hardware platform and OS migration and virtualization initiatives. How would a software vendor come to know about these infrastructure changes? These events are often widely discussed at conferences by those involved, and third-party vendors love to publicize that they are helping the enterprise achieve its IT restructuring goals.
- Audit firm scuttlebutt -- When a software vendor hires an auditing firm to target a company, other vendors may well suspect the targeted company of violating their contracts as well, resulting in a feeding frenzy.
The Best Practice Response
While an audit may not be likely this week or next, an eventual audit is certain, and with the increased reliance on virtualization, the potential to be drastically out of compliance skyrockets. And as Gartner says simply, “Organizations should review compliance risk areas, because noncompliance will result in unexpected costs with low negotiating leverage.”
Companies therefore need to prepare for an audit sooner or later, but waiting until later can be disastrous. Manual fire drills force IT staff to slog through multiple server audit logs to determine exactly how many users are accessing application resources, which processors the applications are being run on, which features and options are being used, and whether the deployment trend is increasing or decreasing. This in turn causes substantial disruption of normal IT operations and diversion of resources from other essential tasks. It also results in incomplete and inaccurate information, potentially leaving the company as vulnerable as before the massive undertaking.
To avoid this situation while placing contract negotiators in a stronger position, IT organizations should implement the following proven software license management best practices:
- Perform consistent monitoring of application deployments in relation to current licensing agreements to avoid manual fire drills.
- Collect complete, granular information. Large applications are often deployed across multiple platforms and include a wide range of options, entitlements, and utilities. Only granular information provides sufficient visibility into the complete deployment and provides the accurate information negotiators need.
- Use a regularly scheduled, automated process to reduce the impact on staff, eliminate business disruption, and ensure accuracy. A third-party “agentless” software solution is the best way to add this capability without adding additional management complexity.
In the age of virtualization, navigating the risks and complexities requires greater understanding of licensing management best practices. Being prepared can save enterprises hundreds of thousands or even millions of dollars. In addition, these practices enable IT decision makers to keep spending closely aligned with business needs, plan budgets with greater accuracy, and negotiate contracts in a far more informed and effective manner.
Jeff Greenwald is the director of Enterprise Product Management, Acresso Software.

