IBM Sub-Capacity Licensing Risk Assessment: 15-Point Checklist

IBM's sub-capacity pricing requires continuous ILMT coverage. A single unmonitored host running IBM software converts that product's licence obligation from sub-capacity (VM-level PVUs) to full-capacity (physical host-level PVUs). In large estates, host coverage gaps are common: new VMs provisioned without ILMT agent, hosts migrated between clusters where ILMT is not deployed, or cloud-burst workloads on infrastructure outside ILMT scope. IBM auditors cross-reference ILMT hardware inventory against CMDBs and VMware vCenter exports. Every host present in vCenter but absent from ILMT is an audit finding.

ILMT agents that fail to scan produce no sub-capacity data for that period. IBM treats missing scan data the same as non-deployment: if you cannot evidence sub-capacity utilisation for a period, IBM defaults to full-capacity billing for that period. Common scan failure causes include network segmentation blocking ILMT agent communication, agent version incompatibilities after OS patching, and database capacity limits on the ILMT server. Establish a weekly ILMT scan health dashboard and require the SAM team to resolve all scan failures within five business days.

Cloud deployments of IBM software present the highest sub-capacity risk in most enterprise estates. Many cloud instance types do not qualify for sub-capacity PVU pricing at all, requiring full-capacity licensing. For those that do qualify, ILMT must be deployed within the cloud environment — cloud workloads are not automatically visible to an on-premises ILMT server. Organisations that deployed IBM software in the cloud during pandemic-era infrastructure expansion frequently have cloud IBM deployments that have never been in ILMT scope. A dedicated cloud IBM software discovery sweep is warranted if cloud expansion occurred after 2020.

IBM's sub-capacity pricing is not available for all hypervisors. IBM publishes an approved virtualisation technology list for sub-capacity licensing. Hypervisors not on this list — including some container orchestration platforms and niche virtualisation technologies — require full-capacity PVU licensing. Container-based IBM software deployments (Kubernetes, OpenShift) have specific sub-capacity rules that differ from traditional VM deployments and have evolved significantly since 2020. Validate the hypervisor eligibility status of every IBM software deployment, particularly for non-VMware and non-Hyper-V environments.

IBM requires quarterly ILMT sub-capacity reports as the evidence basis for sub-capacity pricing. A report with unresolved 'software not assigned' warnings, products in 'manual reconciliation' state, or calculation errors is not a compliant report. IBM auditors examine the status fields of every report you produce. Reports with persistent warnings imply that ILMT-calculated sub-capacity figures may be inaccurate. Assign a named owner to resolve every ILMT compliance warning within 30 days of appearance and document the resolution rationale.

IBM auditors typically request two years of historical ILMT data. ILMT's internal database retains historical data, but database migrations, ILMT upgrades, and server failures can result in data loss. The safe practice is to export quarterly reports as PDFs at the close of each quarter and store them in an external, version-controlled document repository. Organisations that rely solely on the ILMT internal database for historical evidence frequently discover data gaps when preparing audit responses. If you identify historical gaps, engage an IBM licensing advisor before the audit data request arrives, not after.

ILMT discovery and contractual entitlement reconciliation are two independent datasets. ILMT may discover IBM products that are installed but not licenced (compliance gap) or entitlements may exist for products that ILMT shows as not deployed (potential waste). Running this reconciliation quarterly produces two critical outputs: it identifies compliance gaps before IBM does, and it identifies entitlement waste for challenge at renewal. The reconciliation report is also the most compelling evidence you can produce in an IBM audit — demonstrating that you manage IBM compliance proactively.

IBM's Passport Advantage agreements are entity-specific. A parent company's Passport Advantage agreement does not automatically extend coverage to subsidiaries unless they are explicitly enrolled or covered by a group agreement. Subsidiary entities deploying IBM software under the assumption of parental coverage are technically unlicensed. This is a common finding in IBM audits of recently acquired or restructured organisations. Review Passport Advantage enrolment against the current corporate entity structure annually.

IBM's licensing terms follow the beneficiary of the software, not the party that operates it. If a managed service provider runs IBM WebSphere Application Server on infrastructure they manage, but the software serves your business processes, your organisation holds the licence obligation — not the provider. Outsourcing contracts frequently contain licensing assumptions that are never validated against IBM's terms. Require any third party operating IBM software on your behalf to provide written confirmation of the licensing basis and validate it against your Passport Advantage entitlements.

Sub-capacity licensing is the default cost-reduction strategy for virtualised IBM estates, but some deployments legitimately require full-capacity licensing. The risk runs in both directions: applying sub-capacity rules to ineligible deployments understates licence requirements, while applying full-capacity to eligible deployments over-states them. Documenting the rationale for every full-capacity deployment — with reference to IBM's eligibility criteria — demonstrates a controlled compliance approach and provides a basis for challenging IBM's full-capacity assumptions if they surface in an audit.

The window between IBM software deployment and ILMT registration is a compliance gap. In an audit, IBM will request the deployment date of every IBM product from your CMDB or change management records. If ILMT data shows the product was first discovered weeks after the deployment date, IBM will back-charge for the unmonitored period at full-capacity rates. Integrate ILMT agent deployment into your standard server and VM provisioning workflow so that ILMT monitoring is active before IBM software is installed, not retrospectively enabled.

VM live migration can silently increase PVU obligations. An IBM WebSphere VM migrating from a host with 70 PVU-per-core processors to a host with 120 PVU-per-core processors doubles the PVU charge for that VM from the moment of migration. ILMT captures the maximum PVU value during the reporting period, meaning even a brief migration to a higher-PVU host is reflected in that period's charge. Place IBM software VMs in dedicated DRS clusters with PVU-equivalent hosts, or apply VM affinity rules that prevent migration to higher-PVU hosts without manual approval.

Decommissioned IBM software continues to generate licence obligations if the installation is not properly removed and ILMT continues to discover it. Equally, if you claim software has been decommissioned but ILMT continues to report it, IBM will charge for it regardless of your operational intent. The decommissioning evidence chain must include: change management record of removal, ILMT scan post-removal showing zero instances, and archived ILMT report confirming clean status. This documentation is the defence against IBM claiming continued licence obligations for software you believe was terminated.

IBM's licence terms do not carve out workstation or laptop deployments. A developer installing IBM Db2 Community Edition for local testing, or WebSphere Liberty for local development, creates a licence obligation unless the specific product and edition is explicitly free. Developers routinely install IBM software from download portals without recognising the licence implications. ILMT typically does not cover workstations. A workstation IBM software sweep — via endpoint management tools — should be included in the annual entitlement reconciliation.

IBM's internal compliance teams, reseller licence reviews, and ILMT-based self-assessments all carry an inherent bias toward IBM's commercial interests or toward minimising consulting cost. An independent review — conducted by an advisor compensated solely by the customer — produces an objective assessment of where your sub-capacity compliance stands, what your honest IBM audit exposure is, and what optimisation opportunities exist. Our independent IBM sub-capacity reviews typically surface both compliance gaps requiring remediation and over-licensing representing 10 to 20 percent of IBM distributed software spend.