What information we need to monitor to be compliant
IBM is one of the world's largest providers of infrastructure and software, and its intense R&D and acquisitions (think Red Hat, leader in the open source solutions market) have led it over time to a very broad and diverse product portfolio, which is also matched by a growing profit ($927 million in the first quarter according to Wall Street).
IBM's licensing is also very complicated by virtue of these numbers: more than 18,000 products and more than 32,000 "part numbers", or the different types of offerings that involve a combination of products (and metrics) into which the various software components fit.
Adding complexity is also the constant evolution of this portfolio: even if you have a clear idea of the edition and version of the products purchased, these are not immutable.
Their licenses, in fact, can change, with the news given in the so-called "announcement letters", because IBM keeps carrying out extraordinary operations (e.g., HCL or Red Hat) and launching new products, and there can be renaming or new bundling. The result is hundreds of thousands of different ways of bundling different products, all with different licensing rules.
We have seen in another article that IBM has introduced, from the 1st of May 2023, an annual obligation to create usage reports for all software contained in the Passport Advantage, to be provided to the vendor within 30 days of the request. They will have to be prepared in the format required by IBM.
We do not have the format available yet (it will be published by the end of the year), but we do know what information IBM will focus its audits on. To understand them, let's try to put the complicated IBM licensing landscape in order. Let's start with agreements.
What are IBM agreements?
Usually when we refer to IBM licensing agreements, we have to take into account three levels that give us an overview:
- the basic licensing agreements, which describe in detail what was purchased
- the commercial agreements, which are those that describe how to purchase licenses and the terms under which they are managed
- the enterprise-level agreements, which are negotiated with the vendor
In the Basic Agreements, we find the IPLA (International Program License Agreement), which is nothing more than the standard agreement that IBM customers accept when they download, install, or purchase any IBM product. It contains hyperlinks to a number of embedded documents: the most important are the License Information (LI) and Policies.
The License Information establishes the detailed license terms that apply to each individual program: they are different for each product and version (so if you upgrade the version, the LIs change and so do the terms and conditions). So you have to be careful whenever there is a change on one of those products. Generally, it contains this information:
- Program name and PID number (product identifier), which links to usage rights
- Details of bundled and/or supporting programs that may be installed to provide functionality to the licensed program and any restrictions on their use (e.g., if it is running on separate servers you need to make sure you have PVU-based licenses for both machines)
- licensing metrics that can be used to license the program (including any conversion tables)
- components that must not be used, known as "prohibited components" (Prohibited Components)
- components that may be installed but are not used to establish license requirements (Permitted Components)
- specific restrictions on customer use of the program (e.g., related to metrics on authorized users)
- use of the program in a non-production environment
Here we can see an example of License Information (LI) for Cognos, one of IBM's most popular programs.
We now come to Passport Advantage (PA), which is the contract that concerns us: it falls under commercial agreements, along with Passport Advantage Express (PAX) and Embedded Software Agreements (ESA), which are focused on business partners. PA is the agreement that manages volume purchases of IBM licenses. Unlike PAX, which is purely transactional and designed primarily for targeted purchases or small orders, it has a lot of flexibility and allows points to be accumulated for discounts.
Within it, we can find hyperlinks to other documents (e.g., Terms & Conditions, Policies, Relationship Suggested Volume Pricing (RSVP), Sub Cap Terms and PVU Calculator covering sub-capacity terms, Notification, Lifecycle on software lifecycle).
In the IPLA, IBM refers to the audit clauses (i.e., it enshrines the vendor's right to audit), but it is the PA that provides details on how it will be managed (and we have also seen this with the 4.1 amendment).
At the heart of the PA is the Access Portal, which is the entry point for administering licenses and understanding what user rights are.