- The Broadcom Audit Enforcement Shift
- What Triggers a Broadcom VMware Audit
- How Broadcom Conducts Audits in 2026
- Core-Based Licensing Fundamentals
- Cease-and-Desist Letters and Response Strategy
- Building Your Audit Defence Programme
- The Settlement Negotiation Process
- VMware Perpetual Licence Compliance
- Five Critical Contract Terms
- Ten Priority Actions Before Broadcom Contacts You
The Broadcom Audit Enforcement Shift: What Changed and When
Broadcom's acquisition of VMware in November 2023 marked the beginning of the most coordinated and aggressive licensing enforcement campaign against VMware customers in the product's 25-year history. Within 18 months, Broadcom moved from legacy VMware's permissive compliance posture to a vendor-driven audit model that combines aggressive retroactive licensing interpretation with direct sales pressure.
The shift accelerated in 2024 when Broadcom ended the sale of perpetual VMware licences and moved all new purchases to subscription-based VCF (VMware Cloud Foundation). Existing perpetual licences remain valid, but applying the new core-based licensing model retroactively to legacy per-socket perpetual deployments created compliance gaps affecting thousands of enterprises. Broadcom also introduced a mandatory compliance-reporting schedule in 2025 and stopped accepting new datacenter subscription orders on March 30, 2026, forcing renewal or migration conversations.
Connor Consulting, Broadcom's primary third-party audit firm, has conducted over 300 VMware audits since 2024, identifying total audit exposure exceeding $2 billion across enterprise customers. Broadcom's telemetry from vCenter and vSphere+ (which phones home by default) gives the vendor real-time visibility into deployment scale, core counts, feature usage, and license expiry. This telemetry, not customer-initiated contact, is often what triggers an audit.
What Triggers a Broadcom VMware Audit: Seven Critical Scenarios
Broadcom's audit selection is partly random sampling and partly targeted. Understanding the triggers that place you on Broadcom's audit radar is the first step in your defence strategy. Our Broadcom audit risk and compliance guide provides detailed analysis of audit triggers and proactive mitigation strategies.
1. Expired Support and Subscription (SnS) with Ongoing Use
The most common audit trigger: enterprises still running VMware after their Support and Subscription (SnS) has expired. Expired SnS on a perpetual licence does not by itself end the right to run the licensed version, but it ends the entitlement to patches, upgrades and support, so continued activity after expiry is treated as a marker for post-expiry patching or unsupported versions in production. Broadcom can argue that either is material non-compliance, and even with valid perpetual licences, installing patches or updates released after the SnS expiry date creates a liability.
2. Core Count Mismatch Between License Records and Deployment
Your licence agreement specifies a core count (e.g., the 72-core minimum per VCF order that applies from April 2025). Telemetry from vCenter shows actual deployment across hosts. If your licence records show 144 cores but vCenter reports 200 active cores, you have a compliance gap. Broadcom reads telemetry snapshots spanning 12 months or more and licenses to the high-water mark, the single snapshot with the largest deployment, not to the current or average figure.
3. Running Enterprise Features on Standard Licenses
vSphere editions have different feature sets and pricing. If telemetry shows you using features that are licensed only at a higher edition (Distributed Switch, Network I/O Control, and Fault Tolerance beyond 2 vCPUs all require Enterprise Plus) while your records claim only Standard, that is a reportable gap. The audit will charge the difference retroactively from the date the feature was first used.
4. Using Post-Expiry Patches on Perpetual Licences
Perpetual VMware licences were sold with a fixed SnS term (commonly one to three years, renewable). Once SnS expires, you retain the perpetual right to run the version you licensed but are not entitled to install patches or updates released after the expiry date. Broadcom has sent cease-and-desist letters to perpetual holders found using post-expiry patches, claiming this breaches the original licence agreement.
5. Failure to Adjust Licences After Host Addition or Consolidation
When you add new hosts to your vSphere environment, you must add corresponding licenses. When you consolidate workloads and reduce active hosts, you should downsize licences (if your contract allows mid-term reduction, which requires negotiation). Telemetry will detect host additions; if license records show no corresponding purchase, this is audit material.
6. Hyperthreading and Logical Core Counting Errors
VMware core licensing counts physical cores, not logical processors. A CPU with hyperthreading enabled exposes 2N logical processors for N physical cores, and vCenter reports both figures. Counting logical processors over-licenses by a factor of two; the opposite mistake, halving a figure that was already physical on the assumption that it included hyperthreading, under-licenses by half. A 16-core physical CPU is 16 licensed cores, neither 32 nor 8, and the 16-core per-CPU floor means a CPU with fewer physical cores is still licensed as 16. Broadcom audits systematically identify both errors.
7. Telemetry Detection of Hidden or Under-Reported Deployments
vCenter and vSphere+ telemetry report actual resource consumption. If your licence records show one vSphere cluster but telemetry reveals three (production, disaster recovery, and development/test, say), Broadcom will ask why the other two were not licensed. Some enterprises treat "air-gapped" or non-production environments as outside the licensed estate; any vCenter with outbound internet access will report them anyway, and a genuinely air-gapped cluster still needs licences, it simply produces no telemetry to reconcile against.
How Broadcom Conducts Audits in 2026: The Connor Consulting Model
Understanding the audit process itself—how Broadcom's auditors gather evidence, structure findings, and communicate results—helps you prepare a credible defence and identify weaknesses in their methodology.
The Audit Workflow
Phase 1: Notice and Engagement. Connor Consulting sends a formal audit notice on behalf of Broadcom, requesting access to license records, vCenter data exports, and infrastructure documentation. You have 10-15 business days to respond. Many enterprises do not respond adequately at this stage, missing an opportunity to control the narrative.
Phase 2: Evidence Collection. Connor requests vCenter database exports, license files from your management system, host configuration reports, and purchase orders. The audit team also examines purchase history, renewal dates, and any correspondence regarding license adjustments. Some audits now require live vCenter access to run Broadcom-provided scripts that enumerate actual cores and feature usage.
Phase 3: Data Analysis. Connor cross-references three data sources: (1) your licence records (what you claim to have purchased), (2) vCenter telemetry (what you actually deployed), and (3) historical purchasing and renewal records. Discrepancies between (1) and (2) become audit findings. If Connor cannot reconcile the evidence, they estimate the shortfall, and the estimate favours Broadcom.
Phase 4: Preliminary Findings. Connor issues a preliminary audit report outlining identified non-compliance, proposed remediation, and estimated exposure. At this stage, many enterprises disagree with the methodology or challenge data integrity. Your response here is critical: do not accept findings you genuinely believe are wrong, and ask Connor to substantiate their analysis.
Phase 5: True-Up and Settlement. If you agree with findings or negotiate a compromise, you execute a true-up agreement quantifying your under-licensing and the costs to bring your account into compliance. Settlement amounts often include the under-licensed subscription costs plus a true-up fee. The best settlements include negotiated discounts on forward licensing and mid-term reduction rights.
Telemetry and Data Sources
vCenter's telemetry, the Customer Experience Improvement Program (CEIP), is opt-out: it is switched on by default when vCenter is deployed, and vSphere+ is cloud-connected by design. This "phoning home" sends resource inventory, core counts, feature usage and licence status to Broadcom monthly. Connor treats this telemetry as the ground truth for actual deployment, so if it contradicts your licence records, the burden shifts to you to explain the discrepancy. Best practice: disable CEIP where your licence agreement permits and keep authoritative inventory records locally, bearing in mind that switching off telemetry removes a data source, not the licensing obligation.
However, Broadcom can also require telemetry access as part of an active audit. The audit notice may require you to enable telemetry for the duration of the audit and to export what vCenter already retains (licence usage reports, events and inventory history). If you refuse, Connor will estimate your compliance gap from incomplete information, almost always in your disfavour.
Core-Based Licensing: The Root of Most Compliance Gaps
Broadcom's transition from per-socket licensing to core-based licensing is the primary source of audit disputes and under-licensing scenarios. Understanding the model, the minimum purchase requirements, and the retroactive application to legacy deployments is essential.
How Core-Based Licensing Works
Under Broadcom's core-based model, every vSphere host is licensed per physical CPU core. Since April 10, 2025, VCF subscriptions are sold with a 72-core minimum per order: you cannot buy fewer than 72 cores in one VCF subscription unit, even if your deployment uses only 48 cores.
Each core is assigned to a single subscription. You cannot mix product tiers within a single host: a 32-core physical host is assigned 32 cores of one tier (vSphere Standard, Enterprise Plus, or a VVF/VCF bundle).
The minimum 72-core purchase requirement creates a pricing floor: at approximately $350/core/year for VCF at list price, every VCF subscription costs at least $25,200 per year. For a small environment with 48 total cores, you must purchase 72 cores' worth of licensing, paying for 24 unused cores.
Per-Socket vs. Per-Core: The Retroactive Application Problem
Legacy VMware licenses (purchased before Broadcom's 2024 transition) were priced per socket, not per core. A per-socket license for a dual-socket server cost significantly less than per-core licensing for the same hardware. When you upgraded to Broadcom subscriptions, Broadcom applied core-based pricing retroactively to legacy deployments, even for periods when you held perpetual per-socket licenses.
Example: An enterprise with 8 physical servers, each with 2 sockets and 8 cores per socket (16 cores per server, 128 physical cores enterprise-wide), held perpetual per-socket licences for its 16 sockets. Under VMware's original model, SnS on those 16 sockets cost roughly $8K per year. Under Broadcom's core-based model the same hardware is not 128 licensed cores but 256, because each 8-core CPU is licensed at the 16-core floor (16 CPUs × 16 cores); at $350/core/year that is 256 × $350 = $89,600 per year. (The 72-core order minimum does not bite here because the estate already exceeds it.) Broadcom then claims the customer was under-licensed throughout the audit window and demands back licensing from the date Broadcom took over.
The 16-Core Per-CPU Floor, and the 72-Core Order Minimum from April 2025
Every physical CPU is licensed for a minimum of 16 cores, regardless of its actual core count: an 8-core (or even single-core) processor is licensed as 16, and a host with two 8-core CPUs is licensed as 32 cores, not 16. Broadcom's auditors apply this floor across the whole audit window: if you owned a legacy host with one 8-core CPU under a valid per-socket licence, the audit will charge 16-core licensing for that host back to the audit start date (often years prior).
From April 10, 2025 forward, every VCF subscription order requires a 72-core minimum. Small deployments under 72 cores must still pay for 72-core licensing, creating significant cost inflation for smaller environments.
Cease-and-Desist Letters: What They Mean and How to Respond
Broadcom has sent cease-and-desist (C&D) letters to perpetual VMware license holders, typically those using post-expiry patches or running systems after SnS expiry. These letters carry legal weight and require a swift, strategic response.
Anatomy of a Typical C&D Letter
Broadcom's C&D letters typically claim that the customer is in material breach of the original licence agreement by: (1) using patches or updates released after SnS expiry, (2) running unsupported versions under a third-party support contract, which Broadcom treats as undermining its own support business, or (3) failing to report licence compliance on the mandatory compliance schedule introduced in 2025.
The letter demands immediate action: cease use of the infringing patches, purchase current VCF subscriptions to bring the environment into compliance, or accept a settlement offer. The letter often includes an "audit hold" notice, preventing license changes, renewals, or support interactions until the dispute is resolved.
Step-by-Step Response Strategy
Step 1: Do Not Ignore the Letter. Silence is not a legal admission, but it forfeits your only chance to correct the record before Broadcom escalates, and the letter's deadline (typically 10 business days) is short. Allocate a response team immediately: legal counsel, compliance officer, and technical leadership.
Step 2: Preserve Evidence. Immediately preserve all evidence related to the claim: purchase orders, license files, deployment records, support communications, and any written instructions or approvals you received from Broadcom or VMware. If you have internal emails discussing post-expiry patch usage, document when the decision was made and why (e.g., security patches for known vulnerabilities, with Broadcom/VMware acknowledgment that patches were critical).
Step 3: Assess the Claim's Merits. Does the C&D letter correctly characterize the license terms? For example, if the claim is about post-expiry patches and you can demonstrate that Broadcom had previously approved such usage or that the patches were necessary for security compliance, your position is stronger. If the claim is about missing compliance reports, verify what was actually required under your original agreement vs. new 2025 requirements.
Step 4: Draft a Response Letter. Your response should: (a) acknowledge receipt and take the matter seriously, (b) correct any factual inaccuracies in Broadcom's characterization, (c) present your interpretation of the license agreement, (d) explain your compliance intent and any mitigating facts, and (e) propose a path forward (e.g., remediation within 30 days, good-faith negotiation, or third-party audit reconciliation).
Step 5: Do Not Admit Liability. Avoid language like "we acknowledge the breach" or "we agree we owe true-up fees." Use conditional language: "If Broadcom's interpretation of the agreement is correct, we would be willing to discuss..." This preserves your negotiating position.
Step 6: Engage Audit Defence Counsel. If this is your first C&D letter, immediately engage external counsel or an audit defence firm experienced in Broadcom disputes. The cost of counsel ($50K–$200K) is typically far less than accepting Broadcom's initial settlement demand, which often includes 2–3x the actual true-up costs in penalties and fees.
Building Your Audit Defence Programme: Continuous Compliance Architecture
The most effective audit defence is not a response to contact but a proactive compliance programme built into your IT governance and license management. Enterprises with documented continuous compliance programmes win audits before Connor Consulting even gets involved.
Four Pillars of a Credible Audit Defence Programme
Pillar 1: Accurate Host Inventory. Maintain an authoritative, continuously updated inventory of every physical host running VMware, including: socket (CPU package) count, physical cores per socket, logical processor count (recorded separately so hyperthreading is never mistaken for cores), CPU model, vSphere edition or product tier, host role (production/DR/dev-test), the vCenter it is registered to, and licence assignment. Reconcile the inventory with licence records quarterly. Populate it from the vSphere API, vCenter reports or a third-party asset tool rather than by hand; manual spreadsheets are not defensible.
Pillar 2: License Record Management. Maintain a chronological record of every license purchase, renewal, and modification. Every transaction should include: purchase order number, date, quantity, core count, subscription tier, term, and renewal date. Store these records in a system of record (ITSM platform, dedicated license management tool, or organized shared repository) with version history and audit trail. When an audit begins, this history becomes your first line of defence: it proves you took licensing seriously and made good-faith effort to stay compliant.
Pillar 3: Quarterly Reconciliation and Gap Closure. Every 90 days, reconcile your host inventory with your license record. If gaps emerge (e.g., new hosts added, license renewals not reflected), close them within 30 days. Document each reconciliation and gap closure in writing. Auditors view enterprises that close gaps promptly as less culpable than those that tolerate known gaps for months or years.
Pillar 4: Telemetry Control and Documentation. Understand what telemetry you have enabled in vCenter and vSphere+. If telemetry is enabled, document the reasons (security monitoring, capacity planning, etc.) and any limitations (e.g., data retention, anonymization). If telemetry is disabled, document why (data governance, air-gap requirement, etc.) and ensure your manual inventory substitutes for missing telemetry data. Auditors want to see that you are intentionally managing data flows, not ignoring them.
Documentation that Wins Audits
When Connor Consulting calls, your documentation determines your outcome. Maintain the following defensible documents:
- Quarterly license reconciliation reports: Show host inventory, license records, any identified gaps, and remediation actions. Format: tabular data with dates and evidence links.
- Procurement records with approval workflows: Every license purchase should be traceable to a business justification and an approved requisition. Demonstrates good intent.
- IT policy on perpetual vs. subscription strategy: If you held perpetual licenses into 2024, document the board-level or IT governance decision to maintain perpetuals. Shows strategic intent, not negligence.
- Patch and update approval matrix: If you applied patches after SnS expiry, document the governance process that approved each patch, the security or operational justification, and any Broadcom/VMware communications supporting the decision.
- Migration or remediation plans: If gaps are identified during audit, show that you have a credible plan to remediate (e.g., upgrade to current subscriptions by X date, migrate to alternative hypervisors by Y date). Plans with milestones are far more persuasive than reactive after-the-fact compliance efforts.
The Settlement Negotiation Process: Leverage Points and Winning Outcomes
Most Broadcom VMware audits do not result in litigation. They result in true-up settlements in which the customer agrees to pay for under-licensed periods plus a fee or penalty. How that settlement is structured determines whether you pay $200K or $2M for the same underlying compliance gap. Negotiation leverage and timing are decisive factors.
Understanding Broadcom's Settlement Incentives
Broadcom prefers settlements because they: (1) convert contingent compliance liability into immediate revenue, (2) lock customers into subscription renewals with specific terms, (3) create precedent for other customers facing similar audits, and (4) avoid litigation expense and risk. This preference for settlement is your leverage.
Broadcom's fiscal year ends in early November (the Sunday nearest October 31), so its fourth quarter runs roughly August through October. Settlements booked in Q4 count toward annual revenue targets, and Broadcom is more willing to negotiate favourable terms then than in November through July. This is a concrete leverage point: if timing permits, delay settlement discussions until late Q3 or early Q4.
Five Leverage Points in Negotiations
Leverage 1: Documented Compliance Intent. If you have quarterly reconciliation reports, gap remediation records, and a written compliance programme, you negotiate from a position of strength. Auditors view this as "we made a mistake, but we're serious about fixing it" rather than "we ignored licensing for years." This often reduces settlement penalties by 30–50%.
Leverage 2: Credible Migration Alternative. If you can document a realistic plan to migrate 30%+ of your environment to Nutanix AHV, Microsoft Hyper-V, or OpenStack within 18 months, Broadcom's settlement offer will improve materially. A documented migration plan is worth 15–25% in settlement discounts. Broadcom wants to retain you as a renewable customer; losing you entirely is worse than a discounted settlement.
Leverage 3: Scale Reduction Mid-Term. If you can commit to consolidating workloads, sunsetting clusters, or right-sizing infrastructure within the settlement period, this reduces your forward licensing obligation. A commitment to reduce from 200 cores to 144 cores over 24 months translates to lower settlement costs and lower ongoing subscription costs. This is valuable to both parties.
Leverage 4: Enterprise Agreement Structure. If you can commit to an enterprise agreement for multi-year subscriptions (3–5 years) with negotiated price caps and mid-term reduction rights, Broadcom will offer discounted per-core rates and may waive portions of the true-up penalty. Enterprise agreements lock in revenue visibility and are worth 15–30% in settlement discounts.
Leverage 5: Timing Alignment with Broadcom Fiscal Close. As mentioned, settlements announced in Q4 (Aug–Oct) count toward Broadcom's fiscal year targets. If Connor is pressing for settlement in July, you have material leverage to hold off until September when fiscal pressure increases. Broadcom's negotiating authority often expands significantly as quarter-end approaches.
Settlement Structure: What to Negotiate
A typical initial Broadcom settlement offer might read: "You under-licensed 600 cores for 36 months at $350/core/year = $630,000 base liability, plus 25% compliance penalty = $787,500 due within 30 days. New VCF subscriptions at $350/core/year forward."
A credible counter-offer might structure the settlement as: "We agree to true-up 600 cores at a negotiated $300/core/year for the 36-month period (= $540,000). Penalty of 12% rather than 25%, applied only to the first 12 months (12% of $180,000 = $21,600). New subscriptions at $280/core/year under a 3-year enterprise agreement with mid-term reduction rights (a 20% downsize without penalty). Total settlement: $561,600, payable over 36 months at $15,600/month, with a path to lower ongoing cost."
This counter-offer: (1) reduces the per-core rate through negotiation (often achievable if you commit to scale), (2) limits the penalty to the early non-compliance period, (3) locks in forward pricing below list, and (4) includes operational flexibility (mid-term reduction rights). Most enterprises are surprised to learn that mid-term reduction rights are negotiable; they are not standard, but they are frequently granted when asked.
VMware Perpetual Licence Compliance: What Perpetual Holders Must Know in 2026
If you hold VMware perpetual licenses, your compliance obligations changed dramatically after Broadcom's acquisition. Understanding your rights and obligations is critical because perpetual holders face targeted audits and aggressive true-up demands.
What Perpetual Licenses Entitle You To
A perpetual VMware licence entitles you to: (1) indefinite use of the licensed vSphere version, (2) the right to install patches and updates released during the SnS term you purchased (commonly one to three years, renewable), and (3) the right to move to newer major versions released while SnS is active. Once SnS expires, you retain the perpetual right to run the version you licensed but cannot install subsequent patches or updates.
Perpetual licences do not entitle you to: (1) new major versions released after SnS lapses, (2) technical support beyond the SnS period (unless you renew SnS), or (3) features of a higher edition than the one you bought. A perpetual Standard licence cannot run Enterprise Plus features without an edition upgrade.
The Core-Based Audit Problem for Perpetual Holders
Broadcom has begun auditing perpetual holders and retroactively applying core-based licensing models to periods when the customer held per-socket licences. This is the central dispute in many perpetual holder audits. Broadcom's argument: "Core-based licensing has been Broadcom's standard since the 2024 transition; your legacy per-socket licences were always non-compliant under Broadcom's licensing architecture, and you owe the difference retroactively."
Your counter-argument: "At the time we purchased these perpetual licenses, VMware priced per socket. We were licensed in full compliance with VMware's then-current model. Broadcom cannot retroactively change the licensing model of agreements that predate Broadcom's acquisition."
This dispute is not settled law. Different auditors have taken different positions. If Broadcom demands a true-up for perpetual periods under a retroactive core-based model, your response should be: "This interpretation conflicts with the original VMware license agreement and the terms under which we purchased. We are willing to discuss forward licensing (i.e., licensing requirements for versions released after Broadcom's acquisition) but not retroactive recharacterization of settled perpetual obligations."
Post-Expiry Patch Usage and the Cease-and-Desist Risk
Many perpetual holders continue to apply patches after SnS expiry. Broadcom has interpreted this as a licence breach and has issued C&D letters. The risk is material in a second way: if a post-expiry patch later causes an outage, data loss or a security regression, Broadcom can argue that warranty and indemnification do not extend to software you were not entitled to install.
If you choose to apply post-expiry patches (often the only way to close a published vulnerability in the hypervisor), document your process: (1) maintain a written policy justifying post-expiry patches, (2) require a security or operational justification for each patch, citing the CVE or defect it addresses, (3) test patches in non-production before deployment, and (4) record the results and any issues. If you decide not to patch, document the compensating controls instead (management network isolation, ESXi lockdown mode, restricted SSH and DCUI access, and a migration date), because an unpatched hypervisor with a known remote vulnerability is a larger risk than a licensing dispute. Either record, if challenged, shows the decision was taken deliberately with appropriate risk management.
Migration Strategy for Perpetual Holders
Perpetual license holders face a decision point in 2026: (1) renew to Broadcom subscriptions (likely at 2–5x the cost of perpetual maintenance), (2) migrate to alternative hypervisors (Nutanix AHV, Hyper-V, OpenStack), or (3) negotiate a settlement that limits future liability while planning long-term migration. The third path is often optimal.
A strategic settlement for perpetual holders might read: "Broadcom will not pursue retroactive core-based licensing claims for perpetual periods. Forward licensing (for versions released after Broadcom acquisition) will be charged at $X/core/year on a subscription basis. The customer commits to migrate 50% of perpetual workloads to [alternative hypervisor] within 36 months, reducing forward subscription exposure."
Five Contract Terms That Define Your Audit Exposure and Settlement Outcomes
When negotiating a settlement or a forward subscription agreement with Broadcom, five contract terms determine your exposure for future audit disputes, financial risk, and operational flexibility. Most customers do not negotiate these terms; those who do save millions. For enterprise-scale negotiations, see our Broadcom enterprise agreement strategic sourcing guide for advanced negotiation frameworks and precedent structures.
Term 1: Price Caps and Annual Rate Adjustments
Broadcom's list price for VCF is $350/core/year, but it increases annually (typically 8–15% per year). A multi-year agreement without a price cap subjects you to unlimited increases. A credible negotiated term: "Per-core pricing capped at $X/year for the first 24 months, with maximum annual increase of 5% thereafter, not to exceed list price." Price caps often reduce average cost by 20–30% over a 3-year term.
Term 2: Bilateral True-Up Provisions
Standard Broadcom true-up agreements allow Broadcom to audit and charge you if you under-licensed. But bilateral true-up allows you to recover overpayment if you licensed more than you used. Broadcom rarely offers bilateral true-up; it is negotiable and worth insisting on. A bilateral true-up clause with an audit frequency of once per 24 months creates a risk-neutral compliance environment and often results in credits to your account in years 2–3.
Term 3: Mid-Term Reduction Rights (The Most Valuable Provision)
Standard Broadcom agreements lock you into licensed core counts for the entire term. If you consolidate workloads and reduce from 200 to 144 cores mid-term, you still owe subscription fees for 200 cores. A negotiated mid-term reduction clause might read: "Customer may reduce licensed cores by up to 25% with 90 days' notice and no penalty. Reductions greater than 25% require Broadcom approval." This flexibility is worth 10–15% in effective cost savings and provides a strong hedge against future audit exposure. Always negotiate for at least 20% mid-term reduction rights.
Term 4: Mandatory Compliance Reporting Schedule
Broadcom requires compliance reporting on a defined schedule (typically quarterly). The reporting requirement is now contractual. Negotiate the specifics: What data must you submit? Who can access it? Can you submit a summary report instead of raw telemetry? Can you exclude test/development environments? Some customers negotiate exemptions for air-gapped, non-production environments, reducing reporting burden and telemetry exposure.
Term 5: Support Standardisation Requirement
Broadcom now requires that all hosts in an environment maintain the same support level (Standard, Enterprise, etc.). You cannot mix Standard and Enterprise support across the same vSphere cluster. This requirement increases cost and reduces flexibility. Negotiate an exception: "Support tiers may be mixed if the customer maintains separate vSphere clusters with distinct support assignments." This allows you to deploy Enterprise support only on production clusters and Standard support on dev/test, reducing costs by 20–30%.
Ten Priority Actions Before Broadcom Contacts You
Waiting until you receive an audit notice is reactive. Proactive compliance reduces exposure and shortens settlement timelines. Implement these ten actions now, before Broadcom initiates contact.
- Conduct an internal self-audit: Using the same methodology Connor Consulting employs, inventory your vSphere hosts, reconcile actual deployment with license records, and identify gaps. Document gaps, root causes, and remediation plans. If Broadcom audits and finds gaps you have already identified and documented a remediation plan for, your exposure drops by 40–60%.
- Consolidate license records in a system of record: Export all VMware purchase orders, renewal agreements, and license files into a structured system (spreadsheet, ITSM platform, or dedicated license management tool). Add metadata: purchase date, core count, subscription tier, SnS expiry, renewal status. Version this system and maintain a 12-month history. This becomes your primary defence document.
- Establish a quarterly reconciliation rhythm: Every 90 days, run a host inventory report from vCenter, compare actual cores to licensed cores, and document any gaps. Create a signed-off reconciliation report. Store these reports for 7 years. Auditors will assume you maintained continuous compliance if you can produce quarterly reports showing active management.
- Document your telemetry strategy: If telemetry is enabled, document why (security monitoring, capacity planning, etc.). If disabled, document the business reason and confirm that manual inventory substitutes for telemetry data. Auditors want to see intentional data management, not negligence.
- Resolve known non-compliance immediately: If you are aware of gaps (expired SnS, under-licensed cores, unsupported versions in production), remediate now. Paying for corrective licensing voluntarily costs 2–5x less than paying during an audit. Contact Broadcom or a reseller and purchase true-up licenses before an audit begins.
- Review your perpetual SnS expiry dates: If you hold perpetual VMware licenses with expired SnS, understand the implications and document your post-expiry patch policy. Are you applying patches released after SnS expiry? If so, document the governance and risk assessment. If not, ensure production systems can run without post-SnS patches.
- Negotiate forward licensing terms now, not during an audit: If your current subscriptions expire within 12 months, begin renewal discussions with Broadcom immediately. Define the five critical terms (price caps, bilateral true-up, mid-term reduction, compliance reporting, support standardisation) in writing before the renewal contract is finalised. Negotiations are 5x easier before an audit trigger is detected.
- Develop an alternative hypervisor assessment: Document the business case for migrating 20–50% of your environment to Nutanix AHV, Microsoft Hyper-V, or OpenStack. Include cost comparison, timeline, and resource requirements. A credible migration plan strengthens your settlement negotiating position significantly.
- Engage audit defence counsel for a pre-audit review: Before Broadcom contacts you, have external counsel or an audit defence firm review your current compliance posture, identify potential exposure, and develop a defence strategy. A pre-audit review costs $30K–$60K and often prevents a $500K+ settlement by identifying and remediating gaps proactively.
- Document your IT governance decisions in writing: Any board-level or steering committee decision to maintain perpetual licenses, defer subscription renewals, or undertake infrastructure consolidation should be documented and retained. This documentation demonstrates intent and accountability if audited. It also strengthens your negotiating position by showing that non-compliance (if any) was a strategic choice, not negligent oversight.
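The quarterly reconciliation action above (host inventory from vCenter, actual cores compared with licensed cores, gaps documented) as an added Python example; this is not the article's, Broadcom's or any vendor's tooling. It assumes a host export from vCenter in the CSV layout shown, a per-cluster licence record, and Broadcom's published 16-core-per-CPU minimum, which you should confirm against your own contract.

```python
import csv
import io

# Assumption: Broadcom's published 16-core minimum per physical CPU for
# VCF/VVF subscriptions. Treat as a parameter and confirm against your contract.
MIN_CORES_PER_CPU = 16

# Constructed sample vCenter host export (not real data). Columns assumed:
# host, cluster, physical sockets, cores per socket.
HOST_INVENTORY_CSV = """host,cluster,sockets,cores_per_socket
esx-prod-01,prod,2,32
esx-prod-02,prod,2,32
esx-dev-01,dev,2,8
esx-dev-02,dev,1,12
"""

# Constructed licence record: subscription cores held per cluster.
LICENSED_CORES = {"prod": 128, "dev": 32}

def billable_cores(sockets, cores_per_socket, minimum=MIN_CORES_PER_CPU):
    """Cores counted for one host: each CPU is billed at its real core
    count or the per-CPU minimum, whichever is higher."""
    return sockets * max(cores_per_socket, minimum)

def reconcile(inventory_csv, licensed):
    """Compare billable cores per cluster against licensed cores.
    Returns {cluster: {physical, billable, licensed, gap}}."""
    totals = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        sockets, cps = int(row["sockets"]), int(row["cores_per_socket"])
        entry = totals.setdefault(row["cluster"], {"physical": 0, "billable": 0})
        entry["physical"] += sockets * cps
        entry["billable"] += billable_cores(sockets, cps)
    report = {}
    for cluster in sorted(set(totals) | set(licensed)):
        t = totals.get(cluster, {"physical": 0, "billable": 0})
        lic = licensed.get(cluster, 0)
        report[cluster] = {**t, "licensed": lic, "gap": max(t["billable"] - lic, 0)}
    return report

def report_lines(report):
    """Plain-text lines for the signed-off quarterly reconciliation record."""
    lines = []
    for cluster, r in report.items():
        status = "OK" if r["gap"] == 0 else f"GAP {r['gap']} cores"
        lines.append(f"{cluster}: physical={r['physical']} billable={r['billable']} "
                     f"licensed={r['licensed']} -> {status}")
    return lines
```

Run `report_lines(reconcile(HOST_INVENTORY_CSV, LICENSED_CORES))` to produce the record; note that the dev cluster has only 28 physical cores but is billed for 48 because of the per-CPU minimum, which is exactly the kind of gap a socket-based inventory misses.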
The Path Forward: Three Scenarios and Outcomes
Depending on your current compliance posture, your path forward differs. Understand which scenario describes your situation and the typical outcomes.
Scenario 1: Proactive Compliance Programme Already in Place
If you have quarterly reconciliation reports, documented compliance intent, and current licensing, Broadcom's audit (if initiated) will likely result in minimal findings or a negotiated settlement at 20–30% below initial demands. Your engagement time is 3–6 months. Settlement cost as a percentage of base exposure: 10–15%. Outcome: You retain Broadcom as a vendor with favourable terms negotiated during settlement.
Scenario 2: Known Gaps with Partial Remediation Plan
If you are aware of compliance gaps but have begun remediation (e.g., under-licensed cores but purchasing true-up licenses quarterly), your settlement is typically 3–6 months of engagement with Broadcom accepting your remediation trajectory. Settlement cost as a percentage of base exposure: 25–40%. Outcome: Accelerated remediation schedule with possible credit for proactive purchases.
Scenario 3: Reactive Audit Response with Limited Documentation
If Broadcom initiates audit contact and you lack reconciliation records or documented compliance effort, expect 6–12 months of audit engagement and settlement at 60–90% of Connor's initial demand. This scenario is expensive and uncertain. Total engagement cost (internal + external counsel + settlement) often reaches 50%+ of the true-up exposure. Outcome: Settlement is likely, but terms are unfavourable and forward licensing costs are not negotiated downward.
Stay Informed on Broadcom VMware Licensing Updates
Broadcom's licensing, support requirements, and audit practices change frequently. Subscribe to our fortnightly newsletter for updates on audit triggers, contract terms, settlement outcomes, and alternative hypervisor strategies.
Conclusion: Audit Defence as Strategic Advantage
Broadcom's shift from VMware's permissive compliance culture to aggressive audit-driven licensing enforcement has created material compliance risk for thousands of enterprises. But this shift also creates a strategic advantage for organisations that build proactive compliance programmes, understand core-based licensing mechanics, negotiate favourable settlement terms, and maintain documented evidence of intent and effort.
Your audit defence begins not when Broadcom contacts you, but today—with internal self-audit, documented reconciliation, and contract term negotiation. The enterprises that save the most money are those that address compliance proactively, not reactively.
If you are facing a Broadcom audit or cease-and-desist letter, you are not alone. Our specialists have defended 500+ VMware audit disputes, negotiated 100+ settlements, and helped enterprises recover from compliance gaps. We operate on the buyer side only, never for vendors. Request a confidential case review today.