IBM Audit Defence: US Airline Reduces Licensing Exposure from $14.2M to $1.1M

The Challenge

IBM Software License Review Arrives Mid-Transformation

The client — a major US airline with hub operations across multiple domestic and international routes — had been running a multi-year IT modernisation programme when the IBM Software License Review (SLR) notification arrived. The timing was no coincidence. IBM regularly aligns audit activity with high-value contract renewal windows, and the airline was approaching the end of a significant Passport Advantage agreement.

The airline's IBM estate was substantial: WebSphere Application Server clusters supporting reservation and check-in platforms, Db2 databases underpinning operational scheduling, and IBM MQ handling inter-system messaging across ground operations and cargo. The environment spanned on-premises infrastructure, VMware virtualisation, and a growing cloud footprint — a hybrid topology introducing meaningful sub-capacity licensing complexity.

The ILMT Gap at the Core of IBM's Claim

IBM's Passport Advantage terms require ILMT deployment across 100% of the virtualised estate to qualify for sub-capacity pricing. Where coverage is absent, IBM contractually defaults to full-capacity pricing — licensing every physical processor core on the host server, regardless of actual IBM software consumption.

During an infrastructure migration eighteen months earlier, ILMT had been deprovisioned from a segment of the VMware cluster and never redeployed. At the point of IBM's SLR notification, ILMT coverage stood at 68%. IBM's audit team identified the gap immediately and applied full-capacity pricing to every uncovered server, producing a preliminary claim of $14.2M across WebSphere, Db2, and IBM MQ.

The airline's internal IT team, while technically competent, had no prior experience navigating an IBM Software License Review. The IBM audit team imposed an eight-week response deadline. The risk of accepting IBM's preliminary position was not simply the $14.2M settlement — it was the loss of sub-capacity licensing rights going forward, which would increase the airline's ongoing IBM spend by an estimated $2.8M annually.

The Approach

Phase 1: Infrastructure Inventory and Risk Stratification

Redress engaged a specialist IBM+ILMT team within 48 hours of the client's contact. The first priority was a complete infrastructure inventory: every physical host, every virtual machine, and every IBM product deployment mapped against entitlement records from Passport Advantage. The team categorised servers into three risk tiers — those with full ILMT coverage and clean sub-capacity data, those with partial coverage where vCenter and hypervisor logs could provide supporting evidence, and those with no ILMT data where IBM's full-capacity position would require direct challenge.

Of the 142 servers in scope, 97 had clean ILMT data fully supporting sub-capacity calculations. Thirty-one servers fell into the partial coverage category with recoverable hypervisor evidence. Fourteen servers had neither ILMT data nor usable hypervisor logs — representing the genuine compliance exposure within IBM's claim.

Phase 2: ILMT Remediation and Evidence Construction

Redress immediately deployed ILMT across all previously uncovered servers. While ILMT cannot be backdated to produce historical audit snapshots, deployment within the audit window demonstrates good-faith remediation — a factor IBM auditors weigh when assessing whether gaps represent deliberate avoidance or administrative deficiency. For the 31 partial-coverage servers, the team extracted vCenter utilisation logs and VMware vSphere capacity reports spanning the full audit period, establishing a consistent sub-capacity consumption pattern independent of ILMT.

Phase 3: IBM Claim Deconstruction

IBM's $14.2M preliminary claim contained three categories of error beyond the ILMT gap: product version misidentification on six Db2 instances (Advanced Edition pricing applied to standard deployments), double-counting of WebSphere entitlements already covered under a prior ELA, and list pricing applied rather than the client's negotiated Passport Advantage rates. Correcting these errors substantially reduced the legitimate claim basis before any sub-capacity negotiation began.

Phase 4: Negotiation with IBM's Audit and Sales Teams

IBM Software License Reviews involve two separate teams: the audit team that produces the initial claim, and the sales team that controls settlement terms. A common mistake is negotiating exclusively with the audit team, which has limited authority to deviate from methodology. Redress engaged both simultaneously — using the corrected claim basis to establish the factual floor while working with the account team on a commercial settlement preserving forward-going sub-capacity rights.

The administrative deficiency argument was central: the ILMT gap arose from a migration window, not deliberate avoidance. IBM has both commercial and reputational incentive to distinguish between infrastructure complexity and bad-faith licensing conduct, and the hypervisor evidence provided the factual basis for that distinction.

The Outcome

Settlement: $14.2M Reduced to $1.1M

IBM accepted the counter-position on the corrected product classifications, the ELA double-counting, and the hypervisor evidence for the 31 partial-coverage servers. The $1.1M settlement represented the genuine entitlement shortfall on the fourteen fully uncovered servers at negotiated Passport Advantage rates — the actual compliance gap acknowledged by both parties.

Sub-Capacity Rights Preserved

Critically, the settlement preserved the airline's sub-capacity licensing rights in full. IBM's audit resolution confirmed ILMT coverage at 100% as of the remediation date, and the airline's forward-going entitlement structure was maintained under sub-capacity terms. The annual cost avoidance from preserving sub-capacity pricing is estimated at $2.8M per year based on the difference between sub-capacity and full-capacity rates across the IBM estate.

Structural Improvements to IBM Licensing Governance

Following resolution, Redress implemented a quarterly IBM licensing governance framework: automated ILMT health checks with alerting on coverage below 95%, a change management protocol requiring ILMT verification before any infrastructure migration, and twice-yearly entitlement reconciliation against Passport Advantage records. The framework reduces future ILMT gap risk and provides the documentation infrastructure to defend any subsequent IBM SLR from a position of strength.

Key Lessons

ILMT gaps are the primary driver of IBM audit exposure. IBM's methodology converts any server outside ILMT coverage into a full-capacity liability. Even a brief deprovisioning window during a migration can produce multi-million dollar exposure. ILMT coverage monitoring must be a continuous operational process, not a periodic compliance exercise.

IBM's preliminary claims routinely contain calculation errors. Product misidentification, ELA double-counting, and list-price rather than contract-rate calculations are common in preliminary SLR claims. The opening figure is a starting position, not a final liability determination — always deconstruct it before responding.

Hypervisor evidence can substitute for missing ILMT data. Where vCenter or vSphere logs demonstrate consistent sub-capacity IBM software consumption across a gap period, this provides a factual counter to IBM's full-capacity default. IBM auditors can accept hypervisor-sourced evidence when it is comprehensive and properly formatted.

Engage both IBM's audit and sales teams simultaneously. IBM Software License Reviews are resolved commercially, not purely on audit findings. The IBM account team has authority to structure settlements the audit team alone cannot offer. Parallel engagement with a consistent fact-based counter-position is the most effective negotiation architecture.