Technology — United States · IBM WebSphere, Cloud Pak, DB2, Tivoli, Instana · 2023 Engagement
01 Executive Summary: $82M IBM Audit Exposure Reduced to $600K
A rapidly growing U.S.-based technology company providing enterprise software solutions and cloud-native data platforms was subjected to a formal IBM licence compliance audit in late 2023.
The company operated a large hybrid infrastructure spanning on-premises data centres, private cloud, and Kubernetes-orchestrated container environments. It depended heavily on IBM technologies including WebSphere Liberty, Cloud Pak for Integration, DB2, Tivoli, and Instana.
IBM assigned the audit to an external Big Four accounting firm. The audit findings, based on full-capacity pricing assumptions, incomplete ILMT coverage, and aggressive interpretation of container and virtualisation licensing, produced an initial claim of $82 million.
By engaging Redress Compliance for IBM audit defence, the company reduced the exposure to $600K. A 99.3% reduction. Within three months.
The defence dismantled full-capacity assumptions through ILMT remediation. It challenged Kubernetes container licensing methodology. It reconciled legacy PVU and RVU entitlements against actual usage. And it negotiated a commercially reasonable resolution based on verified deployment data.
| Metric | IBM Audit Claim | Actual Outcome | Impact |
|---|---|---|---|
| Total audit exposure | $82,000,000 | $600,000 | 99.3% reduction. $81.4M eliminated |
| Full-capacity pricing uplift | ~$58M (VMware and K8s) | Eliminated via ILMT remediation + sub-capacity defence | Largest single claim component removed |
| Kubernetes/container licensing | ~$14M (full-cluster node licensing) | Challenged and reduced to actual pod usage | Container licensing methodology corrected |
| Legacy PVU/RVU misalignment | ~$7M (outdated metric calculations) | Reconciled against current entitlements | Entitlements properly credited |
| Remaining genuine gap | — | $600K. Limited additional licences | Commercially reasonable resolution |
| Time to resolution | — | 3 months | Rapid defence and closure |
IBM's $82M audit claim was constructed primarily from full-capacity pricing assumptions triggered by incomplete ILMT deployment, aggressive Kubernetes container licensing interpretation, and legacy entitlement mismatches. Systematic deconstruction of each claim element, backed by technical remediation and verified usage data, reduced the exposure by 99.3%. The actual compliance gap was $600K. Less than 1% of IBM's original demand.
02 Background: High-Growth Tech Company Meets IBM Audit Complexity
The company's IBM licensing exposure was a product of rapid growth outpacing licence governance. A pattern common in technology companies where engineering velocity takes priority over software asset management.
Hybrid Infrastructure at Scale
The company operated a complex hybrid environment. On-premises VMware-virtualised data centres running DB2 and WebSphere workloads. Private cloud infrastructure with Kubernetes clusters orchestrating containerised microservices. And customer-facing SaaS platforms built on IBM Cloud Pak for Integration and Instana for observability.
This hybrid architecture spanning traditional virtual machines, containers, and cloud-native deployments created licensing complexity that IBM's audit methodology exploited aggressively.
IBM Product Portfolio
Five Key IBM Technologies Under Audit
| IBM Product | Deployment | Licence Metric | Audit Risk Area |
|---|---|---|---|
| WebSphere Liberty | 200+ instances across VMs and containers | PVU | Full-capacity applied where ILMT gaps existed |
| Cloud Pak for Integration | Kubernetes-native microservices integration | VPC | Full-node licensing applied instead of pod-level |
| DB2 | Enterprise databases: production, DR, dev/test | PVU | Full-capacity on VMware clusters; DR counted as production |
| Tivoli (ITM/ITCAM) | Monitoring and management across estate | PVU / RVU | Legacy entitlements mismatched against current deployment |
| Instana | APM and observability in container environments | Per-host | Host count inflated by ephemeral container nodes |
ILMT Coverage Gaps
IBM's sub-capacity licensing terms allow customers to pay only for the processors actually used by IBM software rather than the full physical server capacity. But they require deployment of ILMT (IBM License Metric Tool) across all virtualised environments.
The company had ILMT deployed on approximately 70% of its virtual estate. The remaining 30%, primarily newer Kubernetes worker nodes and recently provisioned VMware hosts, lacked ILMT agents.
Under IBM's Passport Advantage terms, any environment without ILMT defaults to full-capacity pricing. Licensing the entire physical server, not just the resources used by IBM software.
This single gap, ILMT coverage at 70% rather than 100%, was the primary driver of the $82M claim. The Big Four auditors applied full-capacity pricing to every server without an ILMT agent, treating the theoretical maximum processor capacity as the licensing basis.
Kubernetes Licensing: The New Frontier
IBM's licensing rules for containerised environments are relatively new and aggressively interpreted during audits. The auditors treated entire Kubernetes worker nodes as requiring full-capacity licensing for any IBM software running in pods on those nodes. Even where IBM workloads consumed only a fraction of the node's resources.
For a company running hundreds of Kubernetes nodes with diverse workloads (most non-IBM), this produced massively inflated licence requirements.
Verify ILMT coverage is 100%. Every virtualised server running IBM software must have an ILMT agent. Any gap triggers full-capacity pricing, potentially multiplying your licence requirement by 10 to 20 times. This is the single highest-risk factor in IBM audits.
Understand your Kubernetes licensing exposure. If you run IBM software in containers, know IBM's container licensing rules and ensure you can demonstrate pod-level resource limits. Full-node licensing is IBM's default. You must prove sub-capacity entitlement.
Reconcile PVU/RVU entitlements regularly. Legacy IBM entitlements often use metrics that don't map cleanly to current infrastructure. Annual reconciliation prevents audit surprises.
Don't face a Big Four auditor alone. IBM's external auditors are incentivised to maximise findings. Independent IBM licensing expertise levels the playing field from day one.
03 Phase 1: Audit Findings Deconstruction. Dismantling the $82M Claim
The first phase systematically deconstructed every element of the Big Four auditor's $82M finding. Identifying where assumptions, methodology errors, and overcounting had inflated the claim far beyond the actual compliance gap.
Full-Capacity Pricing Challenge (~$58M)
The largest component, approximately $58M, came from full-capacity pricing applied to servers without ILMT agents. The auditors identified 30% of the virtual estate without ILMT coverage and applied full-physical-server PVU calculations across those environments.
This meant a VMware host with 40 cores running a single 4-vCPU IBM DB2 instance was priced at 40 cores multiplied by the PVU multiplier. Not 4 vCPUs. Across hundreds of servers, this multiplier produced astronomical licence requirements.
The advisory team's response was two-pronged. Immediate ILMT remediation, deploying agents to all uncovered servers and generating compliant scan data. And historical usage reconstruction, using vCenter performance data, CMDB records, and infrastructure monitoring to demonstrate that IBM software was never deployed at the capacity levels the auditors assumed.
Kubernetes Container Licensing Challenge (~$14M)
The second-largest component, approximately $14M, stemmed from the auditors licensing entire Kubernetes worker nodes for IBM Cloud Pak and WebSphere Liberty pods. The advisory team challenged this on three grounds.
Resource Limits Were Defined
Kubernetes deployments had CPU resource limits configured on IBM pods. The container orchestrator enforced maximum resource consumption. The licence requirement should be based on pod resource limits, not node capacity.
Node Isolation Was Achievable
IBM workloads could be constrained to dedicated node pools via taints, tolerations, and node affinity rules. This reduced the licensing footprint to only those nodes actually running IBM software.
Ephemeral Nodes Were Overcounted
Kubernetes auto-scaling meant nodes were created and destroyed dynamically. The auditors counted every node that had ever hosted an IBM pod, not the concurrent maximum. This inflated the count significantly.
Legacy PVU/RVU Entitlement Reconciliation (~$7M)
The remaining ~$7M came from mismatches between legacy entitlements and current deployments. The advisory team conducted a complete entitlement reconciliation.
| Claim Element | Auditor's Basis | Defence | Reduction |
|---|---|---|---|
| Full-capacity VMware (~$58M) | No ILMT on 30% of hosts. Full physical server PVU | ILMT remediated; historical vCenter data proves sub-capacity usage | ~$57.4M eliminated |
| Kubernetes full-node (~$14M) | Entire K8s worker nodes licensed for IBM pods | Pod resource limits demonstrated; node isolation implemented; ephemeral nodes excluded | ~$13.5M eliminated |
| PVU/RVU mismatch (~$7M) | Legacy metrics applied to current infrastructure | Entitlement reconciliation; unused entitlements credited; metric conversions applied | ~$6.5M eliminated |
| DR/dev-test overcounting (~$3M) | DR and dev environments counted as full production | IBM Passport Advantage terms for non-production; cold standby DR excluded | ~$3M eliminated |
| Total: $82M | — | — | $81.4M eliminated. $600K remaining |
04 Phase 2: ILMT Remediation. Eliminating the Full-Capacity Trigger
The single most impactful remediation action was restoring 100% ILMT coverage across the entire virtual estate. This removed IBM's basis for full-capacity pricing.
ILMT Agent Deployment
The advisory team coordinated with the company's infrastructure team to deploy ILMT agents to every server in the virtual estate that had been missing coverage. This included recently provisioned VMware ESXi hosts not included in the original ILMT deployment, Kubernetes worker nodes (both persistent and auto-scaled), development and test environments excluded from ILMT deployment, and disaster recovery servers treated as out-of-scope by the internal IT team but in-scope by IBM's audit methodology.
Full deployment was completed within two weeks. The fastest path to removing the full-capacity pricing basis. ILMT scans were then run to generate current sub-capacity data showing actual IBM software PVU consumption across the entire estate.
Historical Usage Reconstruction
ILMT remediation addresses current licensing. But the auditors had also applied full-capacity pricing for the historical period. The audit looked back approximately two years. The advisory team constructed a historical usage defence using multiple data sources.
| Data Source | What It Proved | Impact on Claim |
|---|---|---|
| vCenter performance data (24 months) | Actual CPU utilisation per VM; IBM workloads never approached host capacity | Disproved full-capacity assumption for historical period |
| CMDB records | Server provisioning/decommissioning dates; VM-to-host mappings | Proved several audited servers were decommissioned during audit period |
| Kubernetes cluster metrics (Prometheus/Grafana) | Pod-level CPU consumption; node scaling events; IBM pod scheduling patterns | Demonstrated IBM pods consumed fraction of node capacity |
| Change management records | IBM software installation/removal dates; environment lifecycle | Proved several environments were dev/test, not production |
| DRS/vMotion logs | VM migration patterns; workload distribution across hosts | Showed IBM VMs concentrated on subset of hosts, not distributed across full cluster |
The ILMT Compliance Argument
IBM's sub-capacity licensing terms require ILMT to be "deployed and reporting." The advisory team presented IBM with evidence that ILMT was deployed and reporting on 70% of the estate throughout the audit period. The 30% gap was due to infrastructure scaling. New servers being provisioned faster than ILMT agents were deployed. Not deliberate avoidance.
Combined with the historical usage data showing sub-capacity consumption across the entire estate, the advisory team argued that full-capacity pricing was disproportionate. A penalty that bore no relationship to actual IBM software usage.
Automate ILMT deployment in provisioning pipelines. Every new server, VM or container node, should get an ILMT agent as part of its build process. Manual deployment creates coverage gaps as infrastructure scales.
Run ILMT scans at least every 30 days. IBM requires periodic scan data. Quarterly scans are the minimum. Monthly is recommended for audit defensibility.
Monitor ILMT coverage continuously. Dashboard alerting when ILMT coverage drops below 100%. A single uncovered server can trigger full-capacity pricing for the entire cluster.
Retain vCenter and Kubernetes metrics for 24+ months. Historical performance data is your backup defence if ILMT coverage was incomplete during any period. Without it, IBM's full-capacity assumption stands unchallenged.
05 Phase 3: Kubernetes Container Licensing Defence
The Kubernetes container licensing challenge represented the most technically complex and commercially significant element of the defence. IBM's container licensing rules are evolving, and audit teams frequently apply the most aggressive interpretation available.
IBM's Container Licensing Framework
IBM offers sub-capacity licensing for containerised environments, but the requirements are strict. Container CPU resource limits must be defined in the Kubernetes deployment manifests. The IBM License Service (ILS) or ILMT must be deployed in the Kubernetes cluster to meter container-level usage. Without both conditions met, IBM defaults to full worker node licensing. Treating the entire node's processor capacity as the licence basis.
The auditors found that while CPU resource limits were defined on most IBM pods, the IBM License Service was not deployed on all Kubernetes clusters. This led to the full-node default on approximately 60% of the company's Kubernetes worker nodes.
The Defence Strategy
| Defence Element | Evidence | Impact |
|---|---|---|
| CPU resource limits | Kubernetes deployment manifests showed CPU limits on all IBM pods | Demonstrated intended sub-capacity; IBM pods capped at defined resources |
| IBM License Service deployment | Deployed across all clusters within 10 days of audit notification | Current-state compliance demonstrated |
| Pod-level usage metrics | Prometheus/Grafana data showing actual CPU consumption per IBM pod over 18 months | Proved IBM pods consumed 8 to 15% of node capacity, not 100% |
| Node isolation (post-remediation) | IBM workloads moved to dedicated node pools via taints/tolerations | Reduced licensing footprint to dedicated IBM nodes only |
| Ephemeral node exclusion | Kubernetes event logs showing auto-scaled nodes with under 24hr lifespan | Transient nodes excluded from persistent licensing basis |
The Container Licensing Precedent
This defence established an important precedent for the company's ongoing Kubernetes licensing posture. By implementing dedicated IBM node pools, deploying IBM License Service across all clusters, and maintaining documented CPU resource limits, the company can now demonstrate sub-capacity container licensing compliance on an ongoing basis. This prevents future audits from applying the full-node default that drove the $14M claim.
06 Phase 4: Negotiation and Audit Closure
With the technical defence assembled, ILMT remediated, container licensing challenged, entitlements reconciled, and historical usage documented, the advisory team managed the formal negotiation with IBM.
The Evidence Package
The negotiation was anchored on a comprehensive evidence package. ILMT scan reports showing current sub-capacity compliance across 100% of the estate. vCenter performance data demonstrating historical sub-capacity usage for the audit lookback period. Kubernetes pod-level metrics proving IBM workloads consumed a fraction of node capacity. Entitlement reconciliation showing existing PVU/RVU rights not credited in the audit findings. And DR/dev-test documentation proving non-production environments were overcounted.
IBM's Response and Counter-Position
IBM's initial response to the defence was predictable. They acknowledged the ILMT remediation as valid for current-state but argued full-capacity should still apply for the historical period.
The advisory team countered with the vCenter and Kubernetes metrics showing consistent sub-capacity usage throughout the audit period. It presented industry precedent establishing that ILMT gaps caused by infrastructure scaling, not deliberate avoidance, should be treated as administrative deficiencies. Not grounds for full-capacity penalty pricing.
The $600K Resolution
| Resolution Element | Detail | Cost |
|---|---|---|
| Additional DB2 PVU licences | Genuine under-licensing for 2 production environments identified during reconciliation | $350K |
| WebSphere Liberty true-up | Minor PVU shortfall on 3 application server instances | $150K |
| Instana host adjustment | Host count reconciliation for monitoring platform | $100K |
| Total resolution | — | $600K (vs $82M original claim) |
The $600K represented the genuine compliance gap. Actual under-licensing that the company acknowledged. Everything else in the $82M claim was either methodological inflation (full-capacity defaults), overcounting (ephemeral nodes, DR environments), or entitlement credit failures (PVU/RVU rights not accounted for).
The 99.3% reduction wasn't a negotiation concession. It was the difference between IBM's inflated audit methodology and verified reality.
"When IBM's auditors presented an $82 million finding, our board was understandably alarmed. Redress Compliance systematically proved that 99% of the claim was based on methodology assumptions that didn't reflect our actual usage. The ILMT remediation, the Kubernetes defence, and the entitlement reconciliation. Each layer removed tens of millions from the exposure. We resolved at $600K, which was fair for what we actually owed. Without Redress, we would have been negotiating from a completely false baseline."
07 Key Lessons: IBM Audit Defence for Technology Companies
This engagement illustrates principles that apply to any technology company. Particularly those running IBM software in hybrid and container environments.
ILMT Coverage Is the Single Highest-Risk Factor
The $58M full-capacity component, 71% of the total $82M claim, was triggered solely by incomplete ILMT deployment. Full-capacity pricing is IBM's most aggressive licensing position, and it's applied automatically when ILMT is missing. For a company with 100 VMware hosts, the difference between sub-capacity and full-capacity can be 10 to 20 times in PVU count. Maintaining 100% ILMT coverage is the single most important IBM compliance action any organisation can take.
Kubernetes Container Licensing Is the Next Audit Battleground
As enterprises containerise IBM workloads, container licensing will become the dominant audit issue. Replacing VMware sub-capacity as the primary area of dispute. IBM's container licensing rules are strict, the audit methodology aggressively applies full-node defaults, and most organisations don't yet have the metering infrastructure (IBM License Service) to prove sub-capacity. Proactive implementation of dedicated IBM node pools, CPU resource limits, and IBM License Service metering is essential.
Big Four Auditors Maximise Findings
IBM's external auditors are incentivised to produce large findings. Larger findings create more commercial pressure and justify the audit process. Accepting audit findings at face value is the most expensive mistake an enterprise can make. Independent review typically reveals that 60 to 95% of IBM audit claims are based on methodology assumptions rather than genuine non-compliance.
Historical Data Is Your Safety Net
When ILMT coverage was incomplete, the company's defence relied on vCenter performance data, Kubernetes metrics, and CMDB records to prove sub-capacity usage. Without this data, IBM's full-capacity assumption would have been much harder to challenge. Retain infrastructure performance data for a minimum of 24 months. It's your insurance policy against audit claims.
| Lesson | Action |
|---|---|
| ILMT coverage must be 100% | Automate ILMT in provisioning; monitor coverage continuously; monthly scans minimum |
| Container licensing needs proactive compliance | IBM License Service on all K8s clusters; CPU limits on all IBM pods; dedicated node pools |
| Don't accept audit findings at face value | Independent review before responding. 60 to 95% of claims are methodological inflation |
| Retain historical infrastructure data | vCenter, Prometheus/Grafana, CMDB for 24+ months. Essential backup for ILMT gaps |
| Reconcile entitlements before auditors do | Annual PVU/RVU reconciliation. Ensure all purchased entitlements are credited |
08 Wider Context: IBM Audit Defence Results Across Industries
The $82M to $600K resolution is part of a consistent pattern across IBM audit defence engagements. IBM audit claims are systematically inflated across industries, geographies, and company sizes.
| Client | Industry | IBM Claim | Outcome | Reduction |
|---|---|---|---|---|
| NY Financial Institution | Financial Services | $198.8M | Avoided entirely | ~100% |
| US Technology Firm | Technology | $82M | $600K | 99.3% |
| PA Manufacturer | Manufacturing | $32M | $1.3M | 96% |
| Samsung | Technology | — | $23M saved | Proactive optimisation |
| Indosat | Telecommunications | — | $8M saved | Internal assessment |
| Swedish Bank | Banking | Significant | Major reduction | 90%+ |
| German Automotive | Automotive | Significant | Major reduction | 90%+ |
| University of Oregon | Education | Full audit claim | All costs avoided | 100% |
Across these engagements spanning financial services, technology, manufacturing, telecommunications, banking, automotive, and education, the consistent finding is that IBM audit claims are 80 to 99% inflated relative to the actual compliance gap.
Full-capacity pricing defaults, overcounting of non-production environments, failure to credit existing entitlements, and aggressive container and virtualisation methodology produce headline numbers that bear little relationship to genuine under-licensing. Expert deconstruction consistently reveals the true gap is a fraction of the original claim.
09 How Redress Compliance Supports IBM Audit Defence
| Service | Duration | Fee Model | Typical Outcome |
|---|---|---|---|
| IBM Audit Defence Service | Duration of audit | Fixed fee | 80 to 99% reduction in IBM audit claims |
| IBM Licensing Assessment | 4 to 8 weeks | Fixed fee | Proactive risk identification; remediation before audit |
| IBM Negotiations Service | Variable | Fixed fee | Optimised commercial terms; reduced spend |
| IBM ELA Renewal Service | 4 to 12 weeks | Fixed fee | Right-sized renewals; eliminated shelfware |
Our IBM Audit Defence approach covers technical deconstruction, analysing every finding line-by-line and challenging full-capacity assumptions, ILMT methodology, container licensing interpretations, entitlement credits, and non-production overcounting.
We coordinate ILMT and container remediation, including ILMT deployment, IBM License Service implementation, and Kubernetes node isolation to establish compliant metering.
Where ILMT coverage was incomplete, we build sub-capacity defence cases using vCenter, Kubernetes metrics, CMDB records, and change management data.
We manage all IBM communications, present the evidence package, and negotiate resolution based on verified usage. Not the auditor's inflated methodology.
100% vendor-independent. No commercial relationships with IBM, any IBM reseller, or any Big Four audit firm. Our advice is based solely on your interests.
10 Action Plan: Defending Against IBM Audit Claims
| # | Action | Timing | Expected Impact |
|---|---|---|---|
| 1 | Ensure 100% ILMT coverage across all virtualised environments. Every VMware host, every Kubernetes worker node, every cloud VM running IBM software must have an ILMT agent deployed and reporting. Automate deployment in provisioning pipelines. | Immediate | Eliminates full-capacity pricing. The single largest IBM audit risk factor |
| 2 | Deploy IBM License Service on all Kubernetes clusters. If you run IBM software in containers, ILS must be active. Define CPU resource limits on all IBM pods. Consider dedicated node pools for IBM workloads. | Within 30 days | Establishes sub-capacity container licensing compliance |
| 3 | Reconcile all PVU/RVU entitlements against current deployments. Map every purchased IBM licence to its current deployment. Identify unused entitlements that can offset any gaps. Update metric calculations for current hardware. | Within 60 days | Prevents entitlement credits being missed in audit findings |
| 4 | Retain infrastructure performance data for 24+ months. vCenter performance metrics, Kubernetes pod metrics (Prometheus), CMDB records, and change management logs. This is your backup defence for any ILMT coverage gaps. | Ongoing | Provides historical sub-capacity evidence if ILMT data is incomplete |
| 5 | Classify all IBM environments accurately. Production, development, test, DR, training. Each has different licensing implications under Passport Advantage. Ensure non-production environments aren't being counted as production. | Within 30 days | Prevents overcounting of non-production deployments |
| 6 | When IBM audits, don't respond without independent expertise. Big Four auditors are incentivised to maximise findings. Independent IBM licensing expertise should review all audit communications, challenge methodology, and lead the negotiation. | At audit notification | 80 to 99% claim reduction based on consistent track record |
IBM presented an $82M audit finding against a technology company. 99.3% of that claim was methodology inflation. Full-capacity pricing from ILMT gaps, full-node Kubernetes licensing, uncredited entitlements, and overcounted non-production environments. The actual compliance gap was $600K. Every enterprise with significant IBM deployments should assume their audit exposure is similarly inflated. And should prepare their ILMT, container metering, and entitlement documentation accordingly.
Frequently Asked Questions
Through systematic deconstruction of each claim element. ILMT remediation eliminated approximately $58M in full-capacity pricing by deploying agents to all uncovered servers and providing historical sub-capacity evidence. Kubernetes container licensing defence reduced approximately $14M by proving pod-level resource limits and excluding ephemeral nodes. PVU/RVU entitlement reconciliation credited approximately $7M in existing rights. And non-production environment reclassification removed approximately $3M in overcounted DR and dev/test systems.
ILMT (IBM License Metric Tool) is IBM's required software metering tool for sub-capacity licensing. Without ILMT deployed on every virtualised server, IBM defaults to full-capacity pricing. That means licensing the entire physical server's processor capacity rather than just the resources used by IBM software. This multiplier, typically 10 to 20 times, is the single largest source of inflated IBM audit claims.
IBM requires CPU resource limits on containerised IBM workloads and deployment of IBM License Service (ILS) for metering. Without both, IBM defaults to full worker node licensing, treating the entire node's processor capacity as the licence basis. Dedicated IBM node pools, documented CPU limits, and ILS deployment are required for sub-capacity container licensing compliance.
PVU (Processor Value Unit) is IBM's primary licence metric, calculated based on processor type and core count. RVU (Resource Value Unit) is used for some middleware and database products, calculated based on specific resource metrics. Both require careful mapping to current hardware. Legacy entitlements purchased for older processors may need metric recalculation for current infrastructure.
IBM's external auditors, typically Big Four firms, apply the most aggressive methodology available. Full-capacity pricing for any ILMT gap, full-node licensing for containers, production pricing for all environments, and current list prices for all shortfalls. This methodology produces headline numbers 80 to 99% above the actual compliance gap. The inflation isn't an error. It's a commercial strategy designed to create maximum negotiating pressure.
Typically 2 to 4 months from initial audit notification to resolution. Phase 1 (findings deconstruction): 2 to 3 weeks. Phase 2 (technical remediation including ILMT and container metering): 2 to 4 weeks. Phase 3 (evidence package assembly): 2 to 3 weeks. Phase 4 (negotiation and closure): 4 to 8 weeks. Phases often overlap, and early remediation accelerates the negotiation.
Yes, using historical infrastructure data. vCenter performance metrics, Kubernetes pod metrics, CMDB records, and change management logs can demonstrate sub-capacity usage during periods where ILMT coverage was incomplete. This historical reconstruction is a standard defence technique and is accepted by IBM in negotiations, though they may initially resist.
Don't respond without independent IBM licensing expertise. Preserve all infrastructure data including vCenter, Kubernetes metrics, and CMDB. Begin ILMT remediation immediately by deploying agents to any uncovered servers. Do not share any data with IBM or their auditors until your defence strategy is established. The initial response sets the trajectory for the entire audit.
IBM typically engages an external Big Four firm to conduct the audit under Passport Advantage audit rights. The auditor requests deployment data, ILMT reports, and infrastructure information. They produce findings based on their analysis, applying full-capacity defaults where ILMT is missing. IBM then presents the findings as a commercial claim and pushes for licence purchases or settlement.
Redress provides full-scope IBM audit defence. Audit findings deconstruction, ILMT and container remediation coordination, historical usage reconstruction, entitlement reconciliation, evidence package assembly, and direct negotiation with IBM. All fixed-fee, 100% vendor-independent. Track record includes 80 to 99% claim reductions across technology, financial services, manufacturing, and other sectors.