IBM ILMT deployment guide 2026.

IBM ILMT is the proof point for sub capacity licensing. Get it wrong and the audit defaults to full capacity. Get it right and you keep the discount.

IBM License Metric Tool is the proof point that lets enterprises license IBM software at sub capacity rather than full capacity. The savings on a single workload can be tens of thousands per year. The discipline required to keep the discount is what most enterprises underestimate.

This guide walks the architecture, scanner coverage, reporting requirements, and the deployment gotchas that fail audits. It is written from the buyer side. The aim is to keep your sub capacity entitlement intact.

Why ILMT matters

Sub capacity versus full capacity

Without a compliant ILMT deployment, IBM products on virtualized hosts default to full capacity. That is the entire underlying physical host, not just the resources assigned to the partition. The cost difference is rarely small.

• Sub capacity. License the resources actually allocated to the partition.
• Full capacity. License the entire physical host running the partition.
• The gap. Often 3x to 10x more PVUs on the same workload.

What the audit looks for

Auditors check whether ILMT was installed, whether scans ran on schedule, whether all eligible workloads were in scope, and whether reports were retained. A failure on any of these can collapse the sub capacity entitlement for that workload.

Reference architecture

ILMT is a server and agent architecture. Get the placement right and operations are simple. Get it wrong and gaps appear at scale.

ILMT server placement

Single ILMT server per environment is typical. Place it in a network segment that can reach every agent. Plan for high availability where the IBM estate is large.

Agent and scanner coverage

Agents are deployed on every host running eligible IBM software. The deployment plan should walk physical, virtualized, and container environments. Missing a single tier produces the audit gap.

Network and air gapped

Where direct network access is restricted, a relay or disconnected scan pattern is supported. Document it. Auditors ask.

Scanner coverage

Coverage gaps are the most common audit issue. A few patterns recur across estates.

Physical and virtualized hosts

Every eligible host gets an agent. No sampling. Verify against your CMDB or hypervisor inventory each quarter.

Container environments

Container coverage is the fastest growing gap. ILMT supports Kubernetes and OpenShift container scanning. The deployment pattern is different from a traditional VM.

Public cloud workloads

IBM software running on EC2, Azure, GCP, or IBM Cloud is in scope. The deployment pattern depends on the cloud and the instance type. Marketplace images sometimes ship with agents pre installed. Verify.

The product works. Most failed ILMT audits are deployment failures, not licensing failures.

Reporting and retention

Reports are the artifact the auditor will ask for first. Their absence is taken as failure.

Scan frequency floor

Scans must run at least every ninety days on every eligible host. We recommend monthly to leave headroom for missed scans. Quarterly is the contractual floor.

Two year retention minimum

Reports must be retained for at least two years and produced on demand during audit. Many enterprises lose reports during ILMT upgrades. Build retention into the upgrade plan.

Quarterly internal sign off

We recommend a quarterly internal sign off on ILMT coverage by the IBM software owner. It is the cheapest single control against audit risk.

Deployment gotchas

Five gotchas explain almost every failed ILMT audit we have seen.

Missed hosts after VMotion or live migration

Agents fall off after live migration in some configurations. Quarterly reconciliation against the hypervisor inventory catches this. Without reconciliation, gaps accumulate quietly.

Upgrade gaps

ILMT upgrades occasionally lose historical reports if retention is not preserved. Plan the upgrade with the auditor question in mind, not just the technical task.

Container exclusions

Containers running eligible IBM software are in scope. Treating them as exempt is the single biggest emerging audit issue we see.

Suggested reading

• IBM PVU licensing. Cross vendor reading from the wider library.
• IBM audit defense playbook. Cross vendor reading from the wider library.
• IBM software audit defense 2026. Cross vendor reading from the wider library.

What to do next

1. Inventory every host running eligible IBM software across physical, virtual, container, and cloud.
2. Reconcile against your ILMT scan list.
3. Identify scan frequency gaps over the last twelve months.
4. Confirm report retention of at least two years.
5. Build a quarterly internal sign off on ILMT coverage.
6. Add container and cloud workloads to the scan plan if they are not already there.
7. Contact us if you receive an IBM audit notice and ILMT coverage is uncertain.

Frequently asked questions

How often do IBM audits actually check ILMT?

Every IBM sub capacity audit checks ILMT. It is the gate to the sub capacity entitlement and the first artifact auditors request.

What happens if a scan is missed?

A single missed scan does not automatically collapse sub capacity, but a pattern of missed scans can. Audit findings tend to focus on patterns more than individual gaps.

Is ILMT free?

Yes. ILMT itself does not carry a separate license fee. The cost is operational, not contractual.

Can we replace ILMT with a third party tool?

Not for IBM sub capacity entitlement. Other tools may help with inventory, but the entitlement is tied to ILMT or its successor offerings.

What about cloud and SaaS environments?

Cloud workloads running eligible IBM software are in scope. SaaS that the customer does not operate is outside the ILMT scope but inside the wider IBM licensing footprint.

Does container coverage really matter?

Yes. Containers running eligible IBM software are in scope and increasingly the focus of audit findings. Treat them as first class in the deployment plan.