Locations

Resources

Careers

Contact

Contact us

Broadcom / CIO Playbook

CIO Playbook: Effective SAM for Broadcom Software (VMware, Symantec & CA)

By Alex Morgan, Senior Advisor & Licensing Expert โ€“ Broadcom & VMware Software

Effective SAM for Broadcom Software (VMware, Symantec & CA)

Overview: Broadcomโ€™s 2024 Licensing Shift and Why SAM Matters

Broadcomโ€™s acquisition-driven strategy has transformed the licensing landscape for VMware, Symantec, and CA Technologies software. In 2024, following the VMware acquisition, Broadcom introduced sweeping changes โ€“ moving VMware to subscription-only models, simplifying (and restricting) SKUs, and enforcing stricter compliance.

For global enterprises, these changes mean Software Asset Management (SAM) is no longer optional; it is critical. Neglecting SAM under Broadcomโ€™s new regime can lead to surprise costs, compliance penalties, or service disruptions.

Broadcomโ€™s approach emphasizes long-term subscriptions and predictable revenue, often at the expense of flexibility. VMwareโ€™s perpetual licenses were discontinued virtually overnight, replaced by core-based subscriptions with multi-year commitments. Similarly, Broadcom has rationalized Symantec and CA product offerings, pushing customers into new bundles and licensing terms.

These shifts heighten the risk of non-compliance if entitlements and usage arenโ€™t meticulously tracked. CIOs must treat Broadcom like an audit-prone mega-vendor โ€“ on par with Oracle or Microsoft โ€“ and fortify their SAM practices accordingly. A proactive SAM program will enable enterprises to adapt to Broadcomโ€™s rules, avoid overspending on unused licenses, and negotiate from a position of data-driven insight.

In short, Broadcomโ€™s licensing changes have made SAM a board-level concern. CIOs should urgently ensure their organizations have full visibility into deployed Broadcom software (including VMware, Symantec, and CA tools), understand the new licensing metrics, and can rapidly produce compliance evidence.

The following sections of this playbook provide detailed guidance for managing VMware assets under Broadcom, best practices for other Broadcom software, tool recommendations, and governance steps to protect your enterprise.

What CIOs Should Do:

  • Elevate SAM Priority: Recognize SAM as mission-critical under Broadcomโ€™s new licensing model. Communicate the heightened compliance risks to executive stakeholders.
  • Understand New Terms: Have your licensing experts dissect Broadcomโ€™s 2024 license terms and subscription requirements for VMware, Symantec, and CA products. Identify key changes (e.g., core-based metrics, multi-year commitments).
  • Baseline Your Assets: Immediately inventory all Broadcom-acquired software in use, including VMware virtualization, Symantec security, and CA mainframe and DevOps solutions. Document current entitlements and map them to actual deployments.
  • Invest in SAM Readiness: Allocate resources (team, tools, budget) to strengthen SAM capabilities specifically for Broadcom software. Treat Broadcom as you would Oracle โ€“ assume an audit will come, and prepare accordingly.
  • Plan for Audits: Implement an internal audit schedule for Broadcom software to preempt compliance issues. Ensure the organization can quickly gather evidence of license usage and entitlement if Broadcom initiates a review.

SAM Guidance for VMware Under Broadcom

Broadcomโ€™s integration of VMware brought rapid-fire changes to VMwareโ€™s licensing model. Enterprises using VMware vSphere, vSAN, NSX, or related products must adjust their software asset management (SAM) practices to keep pace.

Key focus areas include tracking the new core-based licenses, preserving records of legacy VMware entitlements, understanding Broadcomโ€™s SKU simplification, and enforcing audit-ready controls. Below, we break down each area and how CIOs can respond:

Tracking Core-Based VMware Licensing in the Broadcom Era

Under Broadcom, VMware licensing is now primarily based on CPU coresย rather than CPU sockets. Every VMware vSphere subscription you purchase covers a certain number of processor cores, with Broadcom imposing minimum counts.

For example, each physical CPU is counted as at least 16 cores โ€“ even if your processor has fewer cores โ€“ and as of 2025, Broadcom requires a minimum of 72 cores for any VMware order. This means that even a small vSphere deployment, such as a single 8-core server, now requires paying for 72 cores of licensing. The practical impact is substantially higher costs for smaller or edge deployments and a strong incentive to consolidate workloads on fewer, larger hosts.

To manage this, SAM teams should leverage VMwareโ€™s tools, such asย vCenter Serverย and related management suites, to track theย deployed CPU cores. vCenter maintains an inventory of all ESXi hosts, including the number of physical CPUs and cores per host.

Administrators can generate reports or export data on host CPU configurations from vCenter to understand the total core count that needs to be licensed. Integrate vCenter data with your SAM database so that the core count for every cluster is up to date.

Itโ€™s also important to account for hyperthreading: VMware defines licensing cores in terms of physical cores, with two vCPUs equal to one core when hyperthreading is enabled. Ensure your SAM team understands these definitions to avoid miscounting.

Another aspect to track is the difference between active and subscribed cores. Because VMware subscriptions may be sold in fixed bundles (e.g., 16-core packs) and Broadcom enforces minimums, companies may have โ€œexcessโ€ licensed cores if their environment doesnโ€™t match those bundles neatly. Your SAM tool or processes should reconcile the number of cores in use with the number paid for.

This helps identify opportunities to optimize, such as decommissioning unused hosts or reallocating workloads, before renewal. Additionally, monitor VMwareโ€™s license portal or the vCenter License sectionย regularly for any indications of non-compliance โ€“ for example, vCenter will display if more CPUs are being used than the license file allows. Under subscription, VMwareโ€™s tools might not hard-stop your VMs if you go over, but Broadcom will certainly notice at renewal or audit time.

Preserving Legacy VMware Entitlements (ROBO, Bundles, and More)

Many enterprises have historic VMware licenses and special entitlements acquired before Broadcom took over. These could include ROBO kits (Remote Office/Branch Office licenses), specialized bundles such as vCloud Suite or NSX enterprise agreements, or promotional SKUs that VMware has offered in the past.

It is crucial to retain and catalog all proof of entitlement for these pre-Broadcom VMware licenses. Broadcomโ€™s SKU simplification means some legacy entitlements have no direct one-to-one equivalent in the new scheme. However, your rights to use them (under original terms) should remain valid if you kept support active.

For example, VMwareโ€™s ROBO licensing allowed a fixed number of VMs per remote site for a flat price โ€“ a model that does not neatly translate into Broadcomโ€™s per-core subscriptions. Broadcom currently has no 1:1 replacement for ROBO licenses, so if your branch offices rely on them, you must decide how to transition.

In such cases, your historical ROBO license records (contracts, license keys, quantities) become vital leverage. They will guide discussions with Broadcom on what a fair migration path or substitution should be (e.g., perhaps converting to a standard vSphere subscription at a discount for those sites). Without clear records, you may be forced to buy entirely new licenses for remote offices.

The same applies to any VMware product bundles that have been discontinued โ€“ for example, if you previously purchased NSX as part of a bundle or a vCloud Suite package, keep those entitlement certificates. Broadcomโ€™s support team may require proof that you had the right to certain components if you seek support or upgrades now that the bundles are no longer available.

Action item:

Centralize all VMware pre-acquisition license documents in your Software Asset Management (SAM) repository. This includes license agreements, VMware license keys, support renewal quotes, and any SKU lists from past Enterprise License Agreement (ELA) deals. Having these on hand lets you validate what youโ€™re entitled to, even if the naming or packaging has changed.

It also prepares you to push back if Broadcom attempts to โ€œtrue upโ€ licenses that you already own under old metrics. In internal SAM audits, flag any legacy VMware products that Broadcom has marked as End-of-Sale (for example, vSphere Enterprise, vCloud Director, etc.) and ensure you are aware of the replacement or support policy.

In some cases, continuing to run an EOL VMware product might mean you canโ€™t upgrade without moving to a new Broadcom bundle, which could have cost implications. SAM teams should present these scenarios to the CIO in advance so the business isnโ€™t caught off guard.

Navigating Broadcomโ€™s Simplified VMware SKU Portfolio

Broadcom has dramatically simplified VMwareโ€™s product portfolio, reducing it from a dizzying 150+ SKUs to just a few primary offerings. VMwareโ€™s core products are now consolidated intoย four main bundlesย โ€“ often referred to as the โ€œVMware by Broadcomโ€ portfolio โ€“ centered around Cloud Foundation, vSphere Standard, vSphere Enterprise Plus, andย vSphere Enterprise Plusย (which replaced the previous Essentials Plus edition).

Advanced functionality, such as vSAN (storage virtualization) and NSX (network virtualization), is now added as add-ons or included in these main bundles, rather than being separate standalone products. For SAM, this SKU consolidation is a double-edged sword: it can simplify tracking in the long term, but the transition period will be complex as you map many old SKUs to a smaller number of new ones.

Enterprises should create a license mapping matrix for VMware products. List each VMware product or component your organization uses and determine which of the new Broadcom bundles or add-ons it falls under. For example, if you previously licensed vSphere, vSAN, and NSX separately, under the new scheme, you may need โ€œVMware Cloud Foundationโ€ subscriptions, which include those components in an integrated manner.

However, if you had a lighter footprint (say just vSphere Standard before), you need to confirm if the โ€œvSphere Standardโ€ bundle still exists (it does) and what is included or excluded now.

Broadcomโ€™s simplification also meant that certain editions were outright discontinuedย (the free vSphere Hypervisor and some VMware Aria management products are no longer sold standalone). SAM practitioners should note which legacy licenses can be maintained (if support is maintained) versus which ones will require a migration at renewal.

One important task is to update your CMDB or asset registry with the new product names and versions. After Broadcomโ€™s changes, the licensing part numbers on renewal quotes will be different. For instance, you might see new SKU codes for โ€œVSP-STD-SUBโ€ (vSphere Standard Subscription) instead of the old โ€œVS6-STD-Pโ€ (perpetual).

Ensure that the procurement and SAM teams coordinate so that when you renew or purchase new VMware licenses, the entitlement records in your system reflect these new SKUs and the rights they convey. Also, watch out for bundle component overlap: if you purchase a bundle like Cloud Foundation that includes vSAN, do not also separately record or count a vSAN license โ€“ this could lead to double counting or unnecessary purchases. It may be helpful to tag certain entitlements as โ€œBroadcom Bundlesโ€ with included sub-components in your SAM tool, so you donโ€™t accidentally think you are missing a license for an included feature.

Finally, pay attention to pricing and support differences with the new SKUs. Broadcomโ€™s โ€œsimplifiedโ€ portfolio often comes with higher support tiers; for example, all subscriptions may come with premium support by default. This might mean fewer choices but also higher costs. SAM should track not just license compliance but also support contract obligations.

For instance, under Broadcom, letting support lapse on a subscription essentially means losing the license, since you cannot legally use subscription software without an active subscription. This is a big change from the days when you could continue using software without support (albeit without it). It reinforces the need to manage renewal calendars diligently.

Ensuring VMware Audit Readiness โ€“ Lessons from Oracle Compliance

Broadcom is widely expected to take a much tougher stance on VMware license compliance than VMware did historically. Industry observers have drawn parallels to Oracleโ€™s audit practices: Oracle is notorious for surprise audits and strict license reviews.

Broadcom appears to be heading down a similar path with VMware. Enterprises should operate under the assumption that a VMware audit or true-up request will happen within the next couple of years, if not sooner. Preparing for this requires instituting Oracle-style internal controls and audit simulations for VMware environments.

First, implement regular internal audits of VMware deployments. For example, each quarter, have the SAM team run a compliance check: total licensed cores vs. actual cores in use, plus any additional features (such as vRealize or vCenter Management tools) that may have their licensing. VMwareโ€™s tools can generate a report of all license keys and what capacity they cover โ€“ use this to verify you are not exceeding entitlements anywhere.

If you have dev/test vSphere environments that were using older โ€œno-costโ€ or special licenses (such as the vSphere Hypervisor free edition, which is now discontinued), ensure those are identified. Running a production workload on what Broadcom now considers an invalid license could trigger a compliance issue.

Next, maintain a comprehensive repository of license evidence. Similar to Oracle License Management audits (where you must provide evidence of usage and entitlements), be ready to supply Broadcom with license purchase records, activation codes, and deployment data. Organize this repository by product and year.

It should contain documents such as VMware license certificates, proofs of purchase from resellers, support renewal confirmations (to show you maintained your rights), and deployment architecture diagrams indicating where each license is applied. If Broadcom audits you, having this at your fingertips will reduce panic and allow a faster, more confident response.

Also, consider running scripts or tools to capture usage metrics analogous to Oracleโ€™s LMS scripts. In VMwareโ€™s case, that could be as simple as exporting data from vCenterโ€™s licensing tab or using PowerCLI scripts to list all hosts and their CPU counts.

Archive these outputs with timestamps. They serve as point-in-time proof of what was deployed, which is useful if thereโ€™s any dispute (for instance, if Broadcom claims you were over-deployed six months ago, you can show records that you werenโ€™t, or that you corrected it promptly).

Another practice drawn from Oracle compliance is to strictly control any new deployments or changes that could affect licensing. Establish an internal review for any action, such as adding a new ESXi host, enabling a new vSphere feature, or spinning up an additional vCenter instance.

Those actions should trigger a SAM review to confirm you have sufficient licenses in place before implementation. This prevents accidental non-compliance (e.g., an engineer adding hosts to a cluster without realizing it exceeds the licensed core count โ€“ a scenario that can occur quietly if not monitored).

Lastly, engage with Broadcom proactively. Much like some companies do an โ€œOracle license audit prepโ€ with third-party consultants, you might engage a VMware licensing specialist (independent or from a reseller) to do a mock audit and optimization review.

They can often spot issues like mismatched license keys or opportunities to convert some licenses to a more cost-effective bundle, based on your usage. Being proactive not only minimizes audit risk but can also find cost savings in the new Broadcom models.

What CIOs Should Do (for VMware):

  • Use vCenter for License Tracking: Integrate VMwareโ€™s vCenter inventory data into your Software Asset Management (SAM) processes. Schedule monthly reports on CPU core counts and compare them against the subscriptions purchased, ensuring no environmental drift beyond entitlements.
  • Archive Legacy VMware Entitlements: Preserve all pre-Broadcom VMware license records (ROBO, old bundles, special editions). Have them ready to validate your rights during renewals or audits. Map each legacy license to Broadcomโ€™s new equivalent (or note โ€œno equivalentโ€) for clarity.
  • Align on New Bundles: Create an internal SKU map for VMwareโ€™s new bundles. Update your CMDB and SAM tool with the new product names and included components. Train IT teams that deploying a feature (e.g., vSAN) may now require an add-on license from Broadcom โ€“ nothing is free by assumption.
  • Internal VMware Audits: Conduct internal VMware license compliance audits at least twice a year. Simulate a Broadcom audit: gather deployment evidence, reconcile it with entitlements, and address any overuse immediately (either by reallocating VMs or purchasing additional licenses).
  • Renewal Countdown: Treat VMware subscription renewals as critical deadlines. Set alerts well in advance of renewal dates โ€“ Broadcom imposes penalties for late renewals and may even enforce a lapse as a requirement to buy new licenses at full price. Engage with Broadcom or partners 90+ days in advance to negotiate terms and avoid any gaps.
  • Expert Input: Consider hiring a VMware licensing expert or consultant (or leveraging your resellerโ€™s licensing desk) to review your compliance and optimization options under the new model. The investment in expert advice can prevent multimillion-dollar surprises.

SAM Best Practices for Other Broadcom Software (Symantec & CA)

Beyond VMware, Broadcomโ€™s portfolio includes the Symantec enterprise security suite and CA Technologies software, which spans mainframe solutions and enterprise DevOps tools. Broadcom has applied similar licensing philosophies to these products: pushing subscriptions, consolidating SKUs, and driving strict compliance.

This section covers SAM best practices tailored to Symantec and CA products, including managing endpoints and security licenses, tracking mainframe and DevOps tool usage, handling renewals and bundles, and noting special considerations like legacy entitlements or license model quirks.

Symantec (Broadcom) Endpoint & Security Software

Symantecโ€™s enterprise security products โ€“ now under Broadcom โ€“ include endpoint protection (anti-virus and endpoint security), data loss prevention, encryption, network security (formerly Blue Coat proxies and other solutions), and more.

Broadcom has been simplifying and rebranding many of these. For instance, โ€œSymantec Endpoint Protectionโ€ (SEP) has evolved into Symantec Endpoint Security Complete (SES Complete). This subscription bundles traditional antivirus with advanced threat protection and endpoint detection and response (EDR) features.

Similarly, Symantec encryption offerings were consolidated into suites with new licensing metrics in 2024. SAM teams must stay up-to-date with these changes to effectively track compliance and usage.

A fundamental practice is to maintain accurate counts of deployed endpoints and users for all Symantec security products. Most Symantec software is licensed per device or user. For example, endpoint security typically requires one license per protected device (workstation or server).

Use Symantecโ€™s management consoles, such as the Symantec Endpoint Security cloud portal or on-premises Symantec Endpoint Protection Manager, to get real-time data on the number of devices reporting in. These consoles usually display the number of active agents compared to the licenses applied โ€“ a direct way to see if you are over- or underutilizing your entitlements.

Make sure your SAM team has access to these admin dashboards or receives regular reports from the security team. In practice, setting up an automated monthly export of โ€œdevices in use vs. licenses installedโ€ from the Symantec console to the SAM database can help catch any drift. For example, if IT deploys endpoint protection to 500 new laptops, youโ€™ll know to true up licenses if you only have 400 available.

Broadcomโ€™s versions of these tools often include license enforcement features. For instance, newer Symantec Encryption Management Server releases have a built-in license dashboard that shows your entitlement versus actual usage and even warns you if you exceed the count. Leverage these features; they are essentially early warning systems for SAM.

Given Broadcomโ€™s penchant for subscriptions, check if your Symantec products require periodic renewal or license file updates. Many Symantec on-premises products use a license file (.slf) that must be installed in the management console to activate the purchased seats and enable updates. Broadcom has transitioned this process to their portal, so youโ€™ll retrieve license files from Broadcom Support Online.

SAM should own the calendar for Symantec renewals, just as it does for VMware. If an endpoint security subscription lapses, your endpoint agents may stop receiving updates or display a non-compliant status. Create a renewal timeline for all Symantec contracts, as they may not all co-terminate, depending on the product. Aim to consolidate renewals and negotiate multi-product deals if you use multiple Symantec tools. Broadcom often offers โ€œportfolioโ€ or bundle renewals, which can simplify management if done intentionally.

Managing bundled security suites is another area where SAM diligence is needed. Broadcom tends to bundle features together โ€“ for example, Data Loss Prevention (DLP) modules might come as part of a suite with Information Security, or proxy and web security services might be combined. Ensure you know exactly which components you are entitled to under any bundle license.

A common pitfall is underutilization: companies might buy a Symantec Security bundle to get one specific feature, but that bundle may include additional capabilities (such as cloud access security broker and encryption) that they never deploy.

By tracking the full bundle, SAM can highlight unused components that could potentially be leveraged (getting more value) or dropped in a renewal negotiation for cost savings. Conversely, avoid deploying a component that you think you have but isnโ€™t included โ€“ e.g., using a Symantec DLP module because you have a Symantec suite, not realizing it wasnโ€™t part of your edition. This requires carefully reading the product terms and maintaining a list of โ€œwhatโ€™s in our subscription.โ€

Licensing metrics for Symantec products can vary: endpoints are typically based on device count, while some products are licensed by user count (e.g., DLP may be per user or endpoint, depending on the module). Network appliances are often licensed by throughput or user count (Blue Coat ProxySG licenses typically count users for web filtering). Document the license model for each Symantec product in use.

This helps when reconciling discovery data. For instance, if the ProxySG web gateway is licensed for 1,000 users, you need a way to track how many users are using it, perhaps through logs or directory integration information. The SAM team should collaborate with security operations to obtain those usage statistics (e.g., the number of unique IPs or accounts passing through the proxy). It might not be as straightforward as counting endpoints, but itโ€™s important for demonstrating compliance.

Renewals and support for Symantec tools under Broadcom demand extra attention. Broadcom has been known to strictly enforce renewal dates and, in some cases, has refused to renew for very small customers, instead pushing them to buy new licenses at a higher cost.

While large enterprises are less likely to face non-renewal, they could face steep penalties or loss of grandfathered pricing if they miss a deadline. Start renewal discussions early. Also, verify if Broadcom has changed your support level โ€“ for example, after the acquisition, some customers found that their support tier had changed or that costs had gone up significantly.

SAM should track support contracts as part of the asset, since using the software legally depends on having a support subscription active. If you decide not to renew a particular Symantec product and replace it, plan the removal carefully; Broadcomโ€™s contract terms may have notice periods for cancellation.

Special consideration: legacy Symantec perpetual licenses. If your company purchased Symantec products before Broadcom (especially before 2020) with perpetual rights โ€“ for instance, a perpetual license for Symantec Endpoint Protection with annual maintenance โ€“ note that Broadcomโ€™s model is moving everything to subscription.

In many cases, Broadcom honored existing perpetual licenses as long as maintenance fees were paid. Still, if you ever stop maintenance or want new features, theyโ€™ll push you to migrate to a subscription. SAM should identify any such perpetual licenses and treat them as a different category: these are assets you technically own indefinitely.

Decide strategically whether to keep them (perhaps if they suffice for a segment of users without needing new features) or convert to the newer subscriptions. Keep evidence of these perpetual entitlements (license certificates, purchase records) in case thereโ€™s any dispute over what you can use.

Also, watch out if you upgrade software versions โ€“ Broadcom might say that version โ€œX+1โ€ of the product is only available to subscribers, effectively forcing you to make a move. So, coordinate with your security team and change management: if they plan a major version upgrade of a Symantec tool, run it by SAM to ensure that license entitlements cover the upgrade.

CA Technologies (Mainframe & Enterprise DevOps) Software

Broadcomโ€™s acquisition of CA Technologies brought a range of mainframe software, including databases, systems management, and transaction processing tools, as well as enterprise software such as application lifecycle management, automation, and DevOps tools, under its umbrella.

Managing these licenses comes with its own set of challenges. Mainframe licensing, in particular, is complex and often costly, traditionally tied to IBM mainframe capacity metrics, such as MIPS or MSUs. In contrast, CAโ€™s distributed (non-mainframe) software may be user-based or server-based.

Broadcom has been steering CA customers toward modernized licensing models, including subscription and even consumption-based models, but many legacy contracts persist. A robust SAM approach is needed to handle both legacy and new models.

Mainframe SAM practices:

If your enterprise runs CA mainframe products, such as CA 7 Workload Automation, CA DB2 tools, or CA Endevor for source control, you likely have licenses tied to mainframe CPU capacity. This could be measured in MIPS, MSU, or defined capacity units. SAM for these should be done in partnership with the mainframe capacity planning team.

Ensure you are capturing the current utilization metrics that the licenses are based on. For instance, if a CA product license allows usage on an IBM z/OS LPAR up to 500 MSUs, you need to know if that LPARโ€™s peak usage has exceeded 500 MSUs at any point (which would mean non-compliance or the need to true-up). Mainframes produce detailed SMF records โ€“ use those or have the mainframe team provide regular license compliance reports.

Broadcom introduced a program called Mainframe Consumption Licensing (MCL), which is a usage-based subscription โ€“ essentially an โ€œall-you-can-eatโ€ model across their mainframe portfolio for a fixed annual fee thatโ€™s determined by some baseline usage or committed spend. If your organization switches to this model, SAM should track actual usage versus the committed baseline to ensure youโ€™re getting value and to be ready for any true-up adjustments if usage grows.

One best practice is to centralize all CA mainframe license contracts and metrics in one worksheet or system. These contracts often have idiosyncratic terms โ€“ some might be enterprise licenses (covering all your mainframes enterprise-wide), others might be tied to a specific machine serial number or capacity tier.

Document each product: what metric, what quantity, which machines/partitions it covers, and when it renews. Given Broadcomโ€™s focus on top customers, they often negotiate an enterprise agreement for a bundle of CA products. If you have one of those โ€œall-in-oneโ€ deals, it simplifies tracking in one sense: one contract covers multiple products. However, you should still allocate internally how the cost or usage is divided to spot if one product is growing faster than others.

For CAโ€™s enterprise DevOps and distributed tools (such as CA Automic Automation, CA Application Performance Management, CA Rally (Agile Central), and CA Service Management), SAM should identify how each is licensed. Some are user-based (such as named users or concurrent users), while others are server-based or agent-based.

Broadcom has likely converted many to a subscription as well. Treat these similarly to other enterprise software: ensure an inventory of where each tool is deployed and how many users or agents are configured. For example, if you use CA Service Virtualization (also known as DevTest), count the number of server instances or endpoints that are instrumented โ€“ often, the license is based on servers or concurrent simulations. Align with application owners to gather these numbers on a regular basis.

Renewals and bundling for CA products:

Broadcom typically tries to bundle multiple CA products into a single renewal, especially if they are related. For instance, they might create a โ€œMainframe portfolio renewalโ€ that covers a suite of tools together. While this can simplify contracting, it can also obscure individual product costs and usage. SAM should keep internal records for each product, even if the bill is paid as a single lump sum.

This way, if you decide later to drop a product, you have an estimate of its portion of the bundle cost to inform negotiations. Also, check if you have any โ€œrestricted useโ€ licenses in the CA realm. In some cases, CA (and now Broadcom) offered reduced-price licenses that are restricted to non-production use or

Another special consideration is legacy entitlements and support for older versions. CA Technologies had some products that had been around for decades. Your organization might have a perpetual license from 15 years ago for a CA product, which Broadcom still honors, but only for older versions or with limited support.

If you are still using any such software, weigh the risks. It might be running fine, but if you ever need support or an upgrade, Broadcom may require you to move to a modern license agreement. SAM should flag any product where your entitlement comes from an old contract that hasnโ€™t been refreshed in a long time.

This is a potential audit risk โ€“ Broadcom could claim that you are not properly licensed if the records are unclear. Thus, having those old contracts on hand is important (similar to the Symantec perpetual case). If those products are critical, consider proactively reaching out to Broadcom to clarify support status and ensure your entitlement is recognized in their system.

Finally, be aware of mergers and acquisitions within your enterprise. If your company has merged with another that also owns CA or Symantec licenses, the consolidated license position can be messy. Broadcom contracts might not automatically transfer without consent.

SAM should review any such scenarios with legal โ€“ you may need to formally transfer licenses or merge contracts in Broadcomโ€™s records. Failing to do so might leave some deployments technically unlicensed after an M&A if the original owner’s company name is different from the new one. As part of SAM governance (next section), involve legal to ensure all Broadcom software agreements reflect the current corporate entity and structure.

What CIOs Should Do (for Symantec & CA):

  • Inventory Security Deployments: Maintain an updated inventory of all endpoints, servers, and users covered by Symantec security solutions. Leverage security management consoles to track license utilization (e.g., number of protected endpoints, users on proxies, etc.) and reconcile this with purchased quantities.
  • Centralized Entitlements: Compile a master list of all Symantec and CA product entitlements, including older perpetual licenses. Note the license metric (device, user, CPU, MIPS, etc.), current subscription status, and any special terms. Store related contracts and license files in a repository that is accessible to the SAM and legal teams.
  • Monitor Usage vs. Limits: For each product, implement a usage monitoring process. For example, check mainframe MSU usage against CA license limits monthly, or have the security team report if endpoint deployments exceed 90% of available licenses. Use these insights to trigger preemptive actions (true-ups or reallocations) before Broadcom notices.
  • Plan Renewals & Consolidation: Approach renewals strategically. Wherever possible, align Symantec product renewal dates to simplify management (Broadcom can coterminate contracts on request). Start renewal talks early to avoid any lapses โ€“ Broadcom is strict about lapses, which can result in new purchase requirements. If a product is underused, consider negotiating its removal or downsizing at renewal; conversely, if you foresee growth, lock in pricing for additional capacity now.
  • Educate Technical Teams: Ensure that the teams using these tools (security admins, mainframe ops, DevOps tool owners) understand the licensing implications of their actions. They should inform SAM if they plan to roll out an agent to new servers, add 100 new users to a tool, or increase mainframe capacity โ€“ these could all require additional licenses. Building awareness helps catch compliance issues early.
  • Leverage Vendor Tools: Use any tracking features provided by the vendor. Symantecโ€™s built-in license dashboards or Broadcomโ€™s consumption reports for mainframe are there to help you stay in compliance. Include reviewing those dashboards as a regular task in your SAM program.

Selecting and Using SAM Tools for Broadcom Software

To effectively manage the complex licensing of Broadcomโ€™s software portfolio, organizations should implement robust Software Asset Management (SAM) tools. Modern SAM solutions can discover installations, track usage, and reconcile licenses, but each has strengths and nuances.

Leading tools, such asย Flexera (Flexera One/FlexNet Manager),ย ServiceNow SAM, andย Snow License Manager, all offer capabilities relevant to Broadcom and VMware SAM, albeit with different approaches.

CIOs should ensure that the tool in use is configured to recognize Broadcomโ€™s products and integrate with relevant data sources, such as vCenter or mainframe monitors. Below is guidance on using these tools and a light comparison of their capabilities for Broadcom software management:

  • Flexera One / FlexNet Manager: Flexera has a mature library of software recognition rules and license definitions, including those for VMware, Symantec, and CA products. Out of the box, Flexeraโ€™s content pack is likely to identify installations of Broadcom software on servers and PCs (e.g., it can detect Symantec Endpoint Protection clients, CA agents, etc.). Flexera also provides specific license metric templates โ€“ for example, you can set up a license in FlexNet Manager as โ€œVMware vSphere per-core subscription, 16-core packโ€ and input your purchases. The system will then reconcile the discovered ESXi hostsโ€™ core counts to those entitlements. One of Flexeraโ€™s strengths is SKU and product use rights libraries. Since Broadcom simplified VMwareโ€™s SKUs, Flexeraโ€™s updates in 2024 should reflect these changes, making it easier to import your purchase orders and have the licenses auto-created with correct metrics. Flexera can integrate with vCenter via its inventory connector or vSphere API to directly pull host configurations, which is invaluable for tracking VMware usage. For Symantec and CA, Flexera agents on endpoints or servers will pick up evidence of installed software (e.g., a Symantec DLP agent). However, pure usage might need integration (for example, feeding Flexera with user counts from a proxy log if itโ€™s a user-based license). Flexeraโ€™s solution also allows custom metrics, so you can model a CA mainframe license as a โ€œcapacity-based licenseโ€ and manually input the allowed MSUs and current usage. This requires some care by SAM administrators but can be done. Overall, Flexera is a strong choice if you need an advanced reconciliation engine and have a lot of data to consolidate, especially in a heterogeneous environment.
  • ServiceNow Software Asset Management (SAM Pro): ServiceNowโ€™s SAM module is integrated with its CMDB and IT workflows. For Broadcom software, this integration can be a significant advantage โ€“ all your VMware infrastructure and Symantec installations discovered by ServiceNow Discovery can be directly fed into SAM compliance calculations. ServiceNow SAM comes with license profiles for common software. It likely recognizes VMware vCenter/ESXi and can map those to a โ€œper coreโ€ license metric. However, admins may need to adjust the metric definition to match the 72-core minimum rule, which is an unusual case. One key benefit of ServiceNow is if youโ€™re already using it for ITSM or CMDB, you can pull in data like the number of mainframe MIPS from a manually maintained CI, or the number of users from an integration with an HR system for user-based licenses. ServiceNow SAM also helps with workflow โ€“ for instance, you can create an automated task to true up licenses when a threshold is passed (such as when the discovered count of Symantec endpoint installations exceeds 95% of entitlements, triggering a request to purchase more). Its’ software models’ and โ€œlicense positionsโ€ for Broadcom products should be kept up to date. Check ServiceNowโ€™s content library updates or community for any Broadcom-specific content, especially after the VMware acquisition, as content should have been updated in late 2024. ServiceNow might not have as extensive a SKU catalog as Flexera or Snow for older CA products, so you may need to manually define some licenses. However, it excels at providing a single platform where IT operations, change management, and SAM all intersect. This means that when a new VM host is added to the CMDB, you can immediately assess the license impact, as the SAM module is part of the same system.
  • Snow License Manager: Snow is another popular SAM tool known for its strong discovery capabilities and user-friendly interface. Snowโ€™s inventory agents can detect a wide range of software and also gather detailed hardware info, which is useful for VMware and mainframe tracking. For VMware, Snow can integrate with vSphere to collect details on hosts and clusters. It also has specific recognition for VMware products (such as vCenter and ESXi versions), and its licensing catalog has been updated as Broadcomโ€™s changes unfolded. Snowโ€™s research team usually keeps pace with major vendor changes. Snow License Manager will allow you to set up a license agreement for, say, โ€œVMware vSphere Enterprise Plus Subscription โ€“ 3-year term โ€“ X cores,โ€ and then it will automatically relate all detected vSphere usage to that license. One capability Snow often touts is usage tracking for applications โ€“ e.g., for user-based software, Snow can sometimes track how frequently each user uses an application. This could apply to some CA or Symantec applications installed on user workstations, for example, if you have a Symantec developer tool or a CA client installed, Snow can indicate if it is actively used. That information can inform decisions to reclaim licenses. For mainframe, Snow has a module for IBM z/OS, but tracking CA product usage might still be manual or require an add-on. Snowโ€™s interface can make it easier to produce audit-ready reports โ€“ for example, a non-technical stakeholder can view a dashboard showing โ€œCompliantโ€ or โ€œOver-licensedโ€ status for each Broadcom product. Just ensure that your Snow data is fed properly: integrate it with any unique data sources needed (such as importing a CSV of mainframe usage stats periodically, as Snow can combine manual data inputs with discovered data for license calculations).

When comparing these tools,ย all three can achieve the core goals: discovering software, tracking usage, and reporting license complianceย for Broadcomโ€™s portfolio. Flexera and Snow have an edge in pre-built recognition content, given their decades-long focus on SAM, which may slightly reduce the manual effort required for setting up Broadcom-specific licenses. ServiceNowโ€™s edge is process integration and real-time CMDB synchronization, which is powerful in an environment with frequent changes.

Flexera is often favored for complex environments with multiple vendors (it covers Broadcom, as well as all other major vendors in depth). Snow is sometimes noted for its faster implementation and strong reporting visuals. If your enterprise already has one of these, leverage it fully rather than seeking a new tool just for Broadcom. The key is configuring the tool to handle Broadcomโ€™s licensing nuances:

  • Discovery andย Inventory:ย Ensure the tool detects all instances of Broadcom software. That includes server software (such as CA application servers and Symantec endpoint manager servers), client software (Symantec agents on PCs), and infrastructure (ESXi hosts). Use agents or agentless scans as needed to cover everything. Donโ€™t forget network appliances: for example, if you use Symantec (Blue Coat) ProxySG devices, those might not show up in a typical software scan. You may have to manually enter those as assets and their license counts (user counts) into the SAM toolโ€™s database.
  • Entitlement Import: Load all Broadcom software purchase records into the SAM tool. If available, use the SKU import to get all details correct. For instance, Flexera and Snow can import SKU catalogs โ€“ input the Broadcom SKUs from your purchase orders so the tool knows exactly what product and how much entitlement that represents. This saves time mapping product names. Where SKUs are missing (e.g., older CA products or custom deals), input those as custom license records with the right metric.
  • License Reconciliation Rules: Adjust the license metric in the tool to reflect Broadcom policies. A concrete example: VMwareโ€™s 72-core minimum โ€“ you might implement this by setting a license in the tool that always rounds up any host with >0 cores to 72 (some tools allow a โ€œminimum usageโ€ rule). If thatโ€™s not possible, at least be aware that when reading the compliance output, an environment with, say, 8 cores used will still require 72 cores of entitlement. Similarly, for something like โ€œSymantec web gateway per userโ€, ensure the tool isnโ€™t trying to count installations (since an appliance might be one device, but itโ€™s about users behind it). You may need to manually update the user count and attach it to the license in the SAM tool.
  • Integrate with CMDB & Procurement: Whichever SAM tool you use, integrate it with your configuration management database and procurement systems. When new Broadcom software is purchased, have a process that immediately logs it in the SAM tool (so that entitlements are up to date). When new systems are deployed (via CMDB records), ensure the SAM tool gets that info. For example, if a new mainframe LPAR is activated, the CMDB should reflect this, and the SAM tool should then expect potentially new CA deployments on it. A governance process could require the SAM team to sign off that the LPAR has the necessary licenses for any CA software before it goes live.
  • Reporting: Configure reports specifically for Broadcom compliance. CIOs and other executives will appreciate clear dashboards โ€“ for example, a report for โ€œBroadcom VMware License Positionโ€ showing the total cores in use versus licensed, across all data centers. Another report for โ€œSymantec Endpoint Protection Complianceโ€ shows the total devices protected versus licenses purchased, including a trend over time to help you see if youโ€™re approaching limits. These targeted reports make it easy to spot where to focus. Good SAM tools allow you to schedule these reports, so you can set them to run quarterly and review them in your IT governance meeting.

What CIOs Should Do (regarding Tools):

  • Audit Your SAM Toolโ€™s Coverage: Verify that your current SAM tool is configured to recognize all Broadcom software. Conduct a gap analysis โ€“ are all VMware hosts, Symantec installations, and CA products being discovered? If not, plan to expand the toolโ€™s reach (e.g., deploy additional discovery methods or integrate additional data sources).
  • Engage SAM Tool Vendors: If needed, reach out to your SAM tool provider for updates or plugins related to Broadcom. For example, ensure you have the latest content library that includes VMwareโ€™s new bundles and Symantecโ€™s new SKU codes. Leverage vendor support to help set up complex metrics like core-based licensing with minimums or consumption-based models.
  • Integrate Data Sources: Connect your SAM platform with vCenter, Broadcom support portals, and other relevant systems. Automate data feeds such as VMware host inventory, endpoint counts from security consoles, and mainframe usage stats. This reduces manual data entry and keeps SAM insights up to date.
  • Customize License Models: Work with your SAM team to accurately model Broadcomโ€™s licenses in the tool. Donโ€™t be afraid of customization โ€“ if a standard license template doesnโ€™t fit (e.g., an enterprise all-you-can-eat license), configure a custom metric or override. The goal is that the toolโ€™s compliance calculations match Broadcomโ€™s actual rules.
  • Regularly Review SAM Reports: Incorporate Broadcom license compliance into regular IT management reviews. CIOs should see an at-a-glance compliance status for VMware, Symantec, and CA. If the SAM tool provides a dashboard, have it display a โ€œBroadcom Compliance Scoreโ€ or a similar, aggregated metric across the portfolio. Use these reports to drive discussions on renewals and risk areas well in advance of any audit.
  • Plan for Tool Enhancements: If your current tools lack certain capabilities (for example, your SAM tool may not handle mainframe metrics well), consider investing in add-ons or a complementary tool. In some cases, niche tools for mainframe license management or simple scripts might supplement the big SAM tool. Ensure the SAM budget covers whatโ€™s needed to fully manage Broadcom software data.

Governance and Cross-Functional License Management

Effective SAM for Broadcom software is not just about tools and data โ€“ it requires strong governance and collaboration across the enterprise. Governance ensures that policies and processes are in place to manage software assets throughout their lifecycle and that key stakeholders are involved in compliance efforts. Broadcomโ€™s stringent approach makes governance even more crucial.

This final section outlines recommendations for establishing governance structures, conducting periodic internal audits, centralizing entitlement management, and involving teams from procurement, legal, and finance to mitigate license compliance risk. The overarching principle is to treat Broadcom with the same diligence that has historically been reserved for vendors like Oracle and Microsoft.

Establish a Software License Governance Board or Committee. Given the financial and operational stakes, many enterprises establish a governance group to oversee software compliance with major vendors. For Broadcom, you might form a subcommittee under IT governance, specifically focusing on VMware/Symantec/CA license management.

This group would include the SAM manager, representatives from IT operations (data center, security, and mainframe teams), procurement and contracts, legal, and finance or IT finance. The committeeโ€™s charter is to review Broadcom license use and risks quarterly (or at a suitable frequency), make decisions on remediation or optimization, and ensure alignment on approach when dealing with Broadcom.

For example, suppose an internal audit finds a shortfall in VMware licenses. In that case, the committee can decide whether to buy additional licenses now or perhaps accelerate a project to decommission some systems, essentially balancing compliance and cost. Document the meeting outcomes, as this also helps show an audit trail of due diligence.

Centralize entitlement management in a single system of record. This cannot be overstated: all Broadcom-related contracts, license keys, and entitlement information should be stored in one location (or at least referenced through a single catalog). Whether itโ€™s your SAM toolโ€™s repository or a contract management database, having everything centralized means that nothing falls through the cracks when personnel changes or when Broadcom requests proof.

Make sure this repository is regularly updated โ€“ every time you purchase more licenses, a copy of the order and the corresponding entitlement details should be added. Itโ€™s wise to also maintain a summary document that provides a snapshot of your Broadcom entitlements: e.g., โ€œAs of Jan 2025, we have XYZ: 2000 VMware core licenses, covering these sites; Symantec Endpoint Security for 10,000 devices expiring Dec 2025; CA Mainframe portfolio license covering two mainframe LPs up to 1000 MSUs, expiring Mar 2026,โ€ etc. This kind of high-level summary is useful for CIOs to quickly grasp the overall exposure and for new team members to get up to speed.

Involve Procurement and Legal in all Broadcom dealings. Procurement should be trained and aware that Broadcom is not just another vendor โ€“ any purchase or quote from Broadcom needs careful review of terms. Broadcomโ€™s sales agreements may include specific language on usage, audit rights, renewal conditions, and other terms that procurement and legal must negotiate.

For instance, if Broadcomโ€™s standard terms allow them to audit with only 30 days’ notice, perhaps legal can negotiate a slightly longer notice or a neutral third-party auditor clause. Or if Broadcom imposes a renewal penalty (like the 20% late fee for VMware renewals), maybe procurement can negotiate a grace period. These things wonโ€™t happen unless your team actively tries; many customers sign vendor terms, but given Broadcomโ€™s rigidity, itโ€™s worth the effort to negotiate where possible.

Legalโ€™s role is also to interpret and advise: they should review the old Symantec and CA contracts to confirm your rights and any limitations. They should also be on point if an audit letter comes in โ€“ usually, communication to vendors about audits should be carefully handled via legal counsel. In anticipation, have the legal team prepare a standard internal protocol: if Broadcom sends an audit notice, how will we respond, who will contact them, what is our timeframe, etc.

Finance (especially IT Finance or FP&A) should be looped in to plan for Broadcom-related expenses. The shift to subscription means many costs that might have been one-time are now recurring opex. Broadcomโ€™s price hikes (like the VMware core minimums) can significantly impact budgets. Finance can help forecast these changes and set aside contingency funds for true-ups.

Also, if an audit were to find non-compliance, having a reserve or plan for unbudgeted license costs can prevent a scramble. Treat Broadcom compliance risk like a financial risk โ€“ something to quantify and hedge. Some organizations even calculate an โ€œaudit risk reserveโ€ for major software vendors.

Periodic internal audits and true-ups should be formalized as policy. We discussed doing them for VMware; extend similar rigor across Symantec and CA portfolios. Perhaps every six months, the SAM team produces a Broadcom Compliance Report and presents it to the governance board.

This report would detail any usage beyond entitlement or licenses approaching expiry, along with recommended actions. By making this a routine, you instill discipline and catch issues early. Itโ€™s much easier to handle a small non-compliance (e.g., we found we are 50 endpoint licenses short; letโ€™s buy them for $ 10,000) than to let it fester (maybe Broadcom audits next year and finds it, possibly charging back-support fees or the list price).

Treat Broadcom like Oracle or Microsoft in terms of negotiation strategy. Oracle and Microsoft are known for their auditing and also for giving discounts in exchange for multi-year commitments. Broadcom is showing a similar pattern: for instance, they entice VMware customers with multi-year (3-5 year) subscription deals and trade-in discounts for moving off perpetual licenses.

The CIO, in consultation with SAM and procurement, should develop a vendor strategy for Broadcom. Decide if you want to enter a big ELA-style agreement to potentially save money (with the trade-off of commitment) or if youโ€™ll stick to a more flexible annual purchasing approach (with the trade-off of possibly higher rates and more frequent transactions).

If Broadcom products are critical to you (many are, like mainframe software in banks, or VMware in just about everyoneโ€™s IT), you might not have the leverage to walk away, but you can still optimize how you buy.

The governance team should also weigh the risk of alternative solutions: for example, is there a strategy to diversify away from Broadcom over time, perhaps by using more open-source solutions or migrating some workloads off VMware to cloud-native ones? Such long-term strategic decisions go beyond SAM, but SAM data feeds into them (showing how much Broadcom costs year-over-year and projecting future trends).

Finally, ensure that communication and trainingย are providedย around these governance policies. Everyone from system admins to procurement officers should know that โ€œwe take Broadcom licenses seriously here.โ€

Provide guidelines or checklists โ€“ e.g., a VM admin should check with SAM before deploying a new vSphere cluster. A developer needing a new CA tool should go through SAM to obtain a license, rather than using an old one that is available. Creating a culture of accountability is part of governance.

What CIOs Should Do (for Governance):

  • Form a Broadcom License Steering Group: Bring together IT, SAM, procurement, legal, and finance stakeholders to oversee Broadcom license management. Have this group meet regularly to review compliance status, upcoming renewals, and any vendor communications.
  • Centralized License Knowledge: Maintain a single source of truth for all Broadcom software entitlements and usage metrics. Require that any purchase or contract change with Broadcom be recorded there. Regularly update a high-level dashboard for Broadcom spending and compliance to provide executive visibility.
  • Embed SAM in Change Processes: Update IT change management policies to include license impact checks for Broadcom software. For example, adding capacity to a VMware cluster or onboarding 500 new endpoint devices should trigger a review of license sufficiency. Make this a standard step in relevant workflows.
  • Coordinate with Legal on Audits: Pre-establish an internal process for handling audit requests from Broadcom. Identify who will lead the response, how data will be collected and validated, and how communications will be managed. Treat any informal inquiry from Broadcom seriously and involve legal quickly.
  • Budget for Compliance: Work with finance to proactively allocate a budget for Broadcom license true-ups and renewals. Avoid unplanned costs by forecasting growth in usage โ€“ for example, if you know the business is opening two new branches, budget for the necessary VMware and Symantec licenses ahead of time.
  • Continuous Education: Invest in training for your teams on Broadcomโ€™s licensing. Host internal workshops or bring in experts to educate IT staff about how VMwareโ€™s new licensing works, or how Symantecโ€™s subscription differs from the old model. Informed employees are less likely to inadvertently break license rules.

Do you want to know more about our Broadcom Advisory Services?

Please enable JavaScript in your browser to complete this form.
Author

  • Fredrik Filipsson has 20 years of experience in Oracle license management, including nine years working at Oracle and 11 years as a consultant, assisting major global clients with complex Oracle licensing issues. Before his work in Oracle licensing, he gained valuable expertise in IBM, SAP, and Salesforce licensing through his time at IBM. In addition, Fredrik has played a leading role in AI initiatives and is a successful entrepreneur, co-founding Redress Compliance and several other companies.

    View all posts