1. IBM Sub-Capacity Licensing Explained
Sub-capacity vs full-capacity, the 90-day rule, and no more exceptions
Sub-Capacity vs Full-Capacity
Under full-capacity licensing, an organisation must licence an IBM product for the entire capacity of the server, all CPU cores on the machine, regardless of actual usage. In contrast, IBM’s virtualisation capacity (sub-capacity) licensing allows you to licence only the portion of server capacity that the IBM software uses. For example, the CPU cores allocated to a VM running the software.
This model can significantly reduce the number of Processor Value Units (PVUs) or Virtual Processor Cores (VPCs) required on large servers or cloud instances, yielding substantial cost savings. Sub-capacity licensing is especially beneficial in highly virtualised data centres and cloud deployments where workloads are consolidated.
IBM only grants sub-capacity terms if customers agree to its monitoring rules and deploy approved measurement tools. Sub-capacity is an exception to full-capacity licensing that IBM extends only if you continuously demonstrate compliance. If you fail to meet IBM’s sub-capacity conditions, for instance by not running ILMT or not producing required reports, IBM reserves the right to revert your licensing to full-capacity calculations. For a broader overview, see our guide on capacity-based licensing for IBM software.
The 90-Day Rule
IBM’s Passport Advantage agreement specifies that new sub-capacity customers must install and begin using ILMT within 90 days of deploying any eligible IBM software in a virtualised (sub-capacity) environment. From the moment you first run an IBM product on an eligible hypervisor or cloud instance with the intent to licence sub-capacity, the clock starts ticking. Failing to deploy ILMT within 90 days technically forfeits your sub-capacity rights for that period.
No More Exceptions
In the past, IBM allowed limited exceptions to the ILMT requirement, such as very small environments with fewer than 1,000 PVUs or unsupported platforms, where manual tracking was deemed sufficient. As of May 1, 2023, IBM no longer accepts most exceptions to the ILMT mandate. Virtually all customers are now required to use ILMT for sub-capacity licensing. IBM has tightened the rules: to receive the benefit of sub-capacity pricing, you must use ILMT (or an IBM-approved equivalent tool) and meet all associated requirements.
| Licensing Model | How It Works | ILMT Required? | Cost Impact |
|---|---|---|---|
| Full Capacity | Licence all CPU cores on the physical server | No | Highest cost: pays for unused capacity |
| Sub-Capacity (VMs) | Licence only the virtual cores assigned to IBM software | Yes: ILMT mandatory | Significant savings, often 60-80% less |
| Sub-Capacity (Containers) | Licence containerised workloads on Kubernetes/OpenShift | Yes: IBM Licence Service | Savings depends on cluster configuration |
2. The Critical Role of ILMT in Compliance
What ILMT is, why it is mandatory, and quarterly reporting requirements
What Is ILMT?
The IBM Licence Metric Tool (ILMT) is a software asset management tool provided by IBM, at no charge to IBM Passport Advantage clients, that monitors IBM software deployments and calculates PVU/VPC consumption. ILMT is designed to automatically discover IBM software installed on servers, track the processor core capacity available to those products, and generate reports on your utilisation. For a full ILMT walkthrough, see our IBM ILMT: sub-capacity licensing advisory.
The tool must be configured with agents on all relevant servers or VMs, and it typically performs regular scans (e.g. weekly) to capture any changes in deployment. ILMT can be deployed via BigFix or as a standalone “Lite” agent scanner.
Mandatory for Sub-Capacity
IBM’s sub-capacity licensing terms explicitly require ILMT to be deployed and active for any PVU-based software running in a virtualised environment. This means ILMT (or HCL BigFix Inventory, an equivalent IBM-approved tool) needs to be installed, configured, and maintained if you licence IBM software on VMs, cloud instances, or any scenario other than full physical isolation.
IBM expects ILMT to run continuously and stay up to date. A CIO should ensure that an ILMT implementation is not a one-time project, but an ongoing operational process, including regularly applying ILMT updates and software catalogue patches. Running an outdated version that fails to detect a new processor type or product could render your compliance data invalid.
Quarterly Reporting Requirements
Simply installing ILMT is not enough. You also need to use it to generate regular reports. IBM policy requires ILMT to produce audit snapshots at least once a quarter, and organisations should retain at least two years of these reports as evidence of continuous compliance.
Schedule Quarterly PVU Usage Reports
Generate ILMT audit snapshots every quarter and review them internally for anomalies, such as unexpected spikes in PVU consumption.
Archive Reports for 2+ Years
Back up all ILMT reports to a secure repository and periodically test the retrieval process as part of audit readiness.
Institutionalise the Process
Align ILMT reporting with quarterly internal audits or ITSM routines. This ensures the critical requirement does not slip through the cracks.
Full Coverage of the Environment
A common mistake is deploying ILMT on most, but not all, servers where IBM software resides. IBM requires ILMT to monitor all eligible virtualisation environments where IBM software is installed. Any gap or omission can jeopardise eligibility for sub-capacity.
If one VMware cluster was left out of ILMT scanning, or a department stood up a new AWS VM with IBM software without installing the ILMT agent, that portion of your deployment would not be accounted for. In an audit, IBM can declare that sub-capacity terms do not apply to any untracked installations, resulting in full-capacity charges.
💡 Best Practice
Ensure ILMT agents are part of the standard build for any new server hosting IBM products, including development, testing, and disaster recovery environments. Regular reconciliations of ILMT’s inventory against known IBM software deployments (from CMDB or other sources) are essential to catch any stragglers.
Why ILMT Matters
ILMT is the proof that you are respecting IBM’s licensing rules. If sub-capacity licensing is a contractually granted privilege, then ILMT is the monitoring mechanism that IBM insists on to allow that privilege. IBM auditors heavily scrutinise ILMT data because without it, customers have little defence to justify sub-capacity calculations. One independent IBM licensing expert describes ILMT as not just a tool, but a cornerstone of IBM compliance in virtualised environments.
3. Risks of Non-Compliance with Sub-Capacity Rules
Financial exposure, audit triggers, and contractual consequences
Exposure to Full-Capacity Charges
The most immediate risk of not complying with IBM’s sub-capacity requirements is financial exposure. IBM’s contracts make it clear that if you do not meet the conditions for sub-capacity, you lose the right to sub-capacity pricing and must pay for full capacity. In an audit, IBM will calculate your licence usage as if every processor core in each physical server is utilised by the IBM software, even if it is constrained to a small VM.
This can multiply licence requirements dramatically. For example, a single WebSphere instance using four cores on a 32-core host could be charged as if it were using all 32 cores. One company discovered that an IBM middleware product running on an unsupported Windows Server 2008 was not eligible for sub-capacity. IBM initially calculated a $16 million licence exposure at full capacity.
Audit Triggers
Non-compliance with ILMT and sub-capacity rules does not just get discovered in audits. It can trigger audits. IBM knows which customers have agreed to sub-capacity terms and expects to see ILMT data or attestations. A failure to deploy or regularly use ILMT is viewed by IBM as “low-hanging fruit” for compliance issues. Missing or improper ILMT deployment ranks as a top reason for IBM to initiate an audit. For audit preparation, see our guide on how to prepare for an IBM audit.
| Non-Compliance Scenario | IBM’s Likely Response | Potential Cost Impact |
|---|---|---|
| ILMT not deployed at all | Full-capacity charges for entire environment | Millions in licence fees + back-maintenance |
| ILMT deployed late (beyond 90 days) | Full-capacity for the unmonitored period | Significant: depends on gap duration |
| Quarterly reports missing | Non-compliance claim for unreported periods | Back-charges at full capacity for those quarters |
| Incomplete server coverage | Full-capacity for unmonitored hosts/clusters | Proportional to uncovered environment size |
| Outdated ILMT version | May not recognise new CPUs/products | Compliance gaps treated as untracked usage |
Legal and Contractual Consequences
Beyond raw licence fees, non-compliance can carry contractual consequences. Failure to adhere to licensing terms constitutes a breach of the Passport Advantage agreement, which may result in licence termination or legal action in extreme cases. More commonly, it severely weakens the customer’s negotiating position. IBM now inserts clauses requiring customers to provide deployment documentation annually, even outside of audits. For audit defence strategies, see our enterprise guide to IBM licence audits.
Reputational Risk
From a CIO’s viewpoint, an audit that goes poorly due to non-compliance can damage the IT department’s reputation within the company. Surprise financial hits from an audit can erode the confidence that the CEO and CFO have in IT governance. Ensuring ILMT compliance is a relatively straightforward way to prevent such a scenario.
Need Help Assessing Your IBM Sub-Capacity Compliance Posture?
Redress Compliance provides independent IBM licensing assessments, identifying compliance gaps and quantifying risk before IBM does.
IBM Licensing Assessment →4. ILMT Deployment and Best Practices
Eight steps for a robust IBM sub-capacity compliance programme
Ensuring ILMT is properly deployed and managed is a multi-step exercise involving technology, process, and people. Below are best practices for CIOs to enforce a robust IBM sub-capacity compliance programme.
Deploy ILMT Universally
Install ILMT agents on all servers, VMs, or cloud instances running IBM software under PVU/VPC licensing. This includes production, development, testing, QA, and disaster recovery environments. VMware, Hyper-V, IBM PowerVM, and public cloud VMs (AWS, Azure, GCP) must all be in scope. If a particular environment cannot be covered by ILMT, review whether the deployment is sub-capacity eligible at all.
Timely Installation and Configuration
Bake ILMT deployment into the project plan of any new IBM software implementation in a virtual environment. Stand up the ILMT server early and push agents as part of the software rollout. Connect ILMT to vCenter or other hypervisor management interfaces so it gathers host capacity data. Treat the 90-day rule as a strict deadline.
Regular Scanning and Inventory Updates
Configure ILMT to perform regular scans (at least weekly) of all managed endpoints. Update the ILMT software catalogue whenever IBM provides new definitions. Review ILMT’s inventory against expected entitlements. Any unknown or unexpected installations should be investigated promptly as potential shadow IT.
Keep ILMT Updated
Apply patches and version upgrades promptly. IBM periodically releases updates to add support for new operating systems, virtualisation technologies, processor chips, and product signatures. A lagging ILMT deployment could be viewed as non-compliant if it fails to capture required data.
Validate and Tune ILMT Data
Cross-check that products, versions, and VM host-guest relationships are accurately reflected. Review “audit snapshot” reports for anomalies such as sudden PVU spikes that may indicate unplanned VM moves. Catch and correct errors before an official audit finds them.
Integrate with Change Management
Whenever a new VM with IBM software is created or cloned, ILMT agent deployment should be part of that change. Mandate a compliance checkpoint for any cloud or virtual environment expansion involving IBM software. The change ticket cannot be closed until ILMT shows data from the new system.
Leverage Reporting for Optimisation
ILMT is not just a compliance tool. Use it to identify over-licensing or under-utilisation. ILMT displays peak PVU usage which can be compared to entitlements to inform consolidation or right-sizing decisions.
Independent Compliance Reviews
Engage an independent IBM licensing expert, such as Redress Compliance, to periodically audit your ILMT reports and assess sub-capacity compliance. These experts can catch issues an internal team might overlook and provide confidence that you are audit-ready.
💡 Key Insight
Good compliance hygiene goes hand in hand with cost optimisation. Organisations that excel in software licence management treat tools like ILMT as part of their IT operations DNA, not as an afterthought. This not only avoids financial landmines but positions IT as a well-managed, audit-ready function of the business.
5. Sub-Capacity Licensing in Cloud and Container Environments
Public cloud, Kubernetes, OpenShift, and hybrid deployments
Public Cloud (IaaS) Environments
IBM permits customers to bring their licences to approved public cloud providers under the “Eligible Public Cloud BYOSL” policy. Major platforms, including AWS, Microsoft Azure, GCP, IBM Cloud, and Alibaba Cloud, are eligible environments.
When you deploy IBM software on cloud VMs (for example, IBM DB2 on an AWS EC2 instance), the same sub-capacity rules apply as on-premises: you must use ILMT to monitor PVU/VPC usage. This means installing ILMT agents on cloud VMs and ensuring connectivity between your ILMT server and cloud instances. Do not assume the cloud provider’s native tools are a substitute. IBM explicitly requires ILMT for its sub-capacity calculations.
Containerised Environments (Kubernetes/OpenShift)
For containerised IBM software (e.g. IBM Cloud Paks on Red Hat OpenShift or Kubernetes), IBM’s sub-capacity tool of choice is the IBM Licence Service (ILS), not ILMT. ILS is a small service that runs in the container cluster and tracks IBM product usage in real time.
As of the 2023 Passport Advantage updates, customers no longer need a separate contract addendum for container licensing, but they must deploy IBM Licence Service in their clusters. Without it, IBM will consider the entire physical cluster’s capacity to determine licence needs. For Cloud Pak licensing detail, see our IBM Cloud Paks and VPC licensing overview.
| Environment Type | Required Tool | Key Requirement | Risk Without Tool |
|---|---|---|---|
| Traditional VMs (VMware, Hyper-V, PowerVM) | ILMT | Agents on all hosts; quarterly reports | Full-capacity charges on entire physical server |
| Public Cloud VMs (AWS, Azure, GCP) | ILMT | Agents on cloud instances; connectivity to ILMT server | Full-capacity charges on cloud host |
| Containers (Kubernetes/OpenShift) | IBM Licence Service (ILS) | Deploy in each cluster; report VPC usage | Full-capacity charges on entire cluster |
| Hybrid (VMs + Containers) | ILMT + ILS + Licence Service Reporter | Aggregate and consolidate usage from both | Incomplete picture; combined shortfalls |
Hybrid Environments and Reporting
Many organisations have hybrid deployments: some instances run on traditional VMs (monitored by ILMT) and others in containers (monitored by ILS). IBM provides a Licence Service Reporter tool to aggregate usage data from both in hybrid scenarios. CIOs should ensure teams capture and consolidate these reports to avoid overlooking combined licence counts.
Cloud Paks and New Metrics
IBM’s Cloud Paks, bundles of IBM software licensed via Virtual Processor Core (VPC) metric often deployed on OpenShift, come with their own licensing terms but still require ongoing monitoring through IBM Licence Service. The Passport Advantage agreement was updated in February 2023 to include new container licensing language and require customers to maintain deployment records.
Moving to containers or cloud-native IBM products does not eliminate compliance requirements. It changes them. Ensure your IT asset management team is up to date on IBM’s latest tools (ILMT, ILS) and policies for new environments. For licence type detail, see our guide on IBM licence types: navigating IBM software licensing.
6. Common Pitfalls and Scenarios
Six traps that catch even well-intentioned ITAM teams
Even with the best intentions, organisations can fall into common traps regarding sub-capacity licensing and ILMT. Here are the most frequent pitfalls and how to avoid them.
Incomplete ILMT Coverage
Assuming ILMT covers everything because it is installed “somewhere” without verifying that every host reports to ILMT. A satellite office setting up an ESXi host running an IBM application without ILMT creates an invisible compliance gap. In one case, a company failed to install ILMT on a DR cluster. IBM moved to count the entire DR server capacity during an audit.
Outdated Operating Systems or Hypervisors
Not all platforms are eligible for sub-capacity. Running IBM software on an unsupported environment, such as an end-of-life operating system, means ILMT may collect data but IBM can disallow sub-capacity entirely. The Windows Server 2008 case (where ILMT data was ignored and full capacity applied) is a cautionary tale. Always check IBM’s Eligible Virtualisation Technologies list.
Forgetting to Save Reports
A surprising number of companies run ILMT but fail to save quarterly reports long-term. Without evidence, IBM can claim non-compliance even if ILMT was functioning. Automate the export and archival of ILMT reports every quarter to a secure repository.
ILMT Not Updated or Misconfigured
Perhaps ILMT has not been upgraded to recognise a new CPU type, or VM manager credentials expired after a vCenter upgrade, causing data collection to fail silently. Treat ILMT like a compliance heartbeat. If an agent fails to report, an alert should be raised. Configuration drift should be promptly corrected.
Ignoring Containers or New Deployments
DevOps teams deploying containerised IBM solutions may not involve the SAM team. The result: IBM Licence Service is not deployed and usage is untracked. CIOs should facilitate cross-team communication so that any use of IBM software in any form triggers compliance actions.
Reactive vs Proactive Posture
Organisations that only scramble to fix ILMT issues after receiving an audit notice face a stressful and less effective response. A proactive stance, conducting self-audits, fixing issues continuously, and involving independent licensing experts, significantly reduces anxiety when the audit letter arrives.
🎯 Lesson Learned
Consider running an internal “mock audit” where your team, or a third party, reviews your ILMT data and licensing as an auditor would. It is much better to find and fix a problem yourself than to have IBM find it. For detailed audit defence preparation, see our IBM audit defence FAQs 2025 and our CIO playbook for IBM software licence audits and defence.
7. CIO Recommendations
Nine actionable steps to strengthen IBM licensing compliance
For CIOs looking to strengthen their IBM licensing compliance and avoid costly mistakes, here are clear, actionable steps.
Ensure ILMT Deployment and Coverage
Verify that ILMT is fully deployed across all environments where IBM software runs in virtualised mode. Close any coverage gaps immediately. Make ILMT deployment a standard requirement for any new IBM software installation on VMs or cloud instances.
Enforce Regular ILMT Reporting
Establish a policy to generate and archive ILMT reports quarterly without fail. Maintain at least two years of historical reports. Consider integrating report reviews into quarterly IT governance meetings.
Keep ILMT (and ILS) Up to Date
Task your IT asset management team with updating ILMT to the latest version and applying fix packs promptly. Ensure IBM Licence Service in container environments is updated alongside your container platform updates.
Implement Compliance Monitoring
Treat compliance as an ongoing process. Set up alerts for ILMT data. Get notified if a known server is not reporting or if scan results show unexpected spikes. Track IBM’s announcements about licensing rule changes and adjust accordingly.
Include Cloud and Containers in Licence Tracking
Expand your compliance programme to cover cloud VMs and Kubernetes clusters. Ensure ILMT agents are installed on cloud hosts just as they would be on-premises. For containerised deployments, deploy IBM Licence Service in each cluster. Combine data from ILMT and ILS for a comprehensive view.
Educate and Assign Ownership
Conduct awareness sessions for infrastructure, cloud, and DevOps teams about IBM’s sub-capacity rules. Assign a single owner or team for IBM licence compliance (e.g. a SAM manager) who has the mandate to enforce requirements across silos.
Engage Independent Expertise
Consider hiring an independent IBM licensing advisor, such as Redress Compliance, to perform periodic compliance health checks or assist with complex scenarios. Independent experts are particularly useful for interpreting cloud licensing terms, handling legacy exceptions, and providing objective risk assessments.
Prepare for Audits Proactively
Develop an IBM Audit Response Plan. Identify who will interface with auditors, organise all ILMT and Licence Service data, and have evidence of compliance readily available. Practice this through internal audits or drills. Preparation is the best defence. For audit compliance processes, see our guide on IBM software licence compliance for IBM audits.
Explore IBM’s IASP Programme
If you have a large IBM footprint, explore the IBM Authorised SAM Provider (IASP) programme. You work with an IBM-sanctioned third party to continuously report usage; in return, IBM agrees not to audit you while in good standing. Weigh the pros and cons, including costs and data sharing, with independent expert guidance. See our IBM IASP programme guide for more detail.
Frequently Asked Questions
Common questions about IBM sub-capacity licensing and ILMT
If ILMT is not deployed within 90 days of first running IBM software in a virtualised sub-capacity environment, you technically forfeit your sub-capacity rights for that period. IBM can calculate your licence obligations at full physical capacity for any unmonitored period. This can result in a significant licence shortfall and back-maintenance charges. Deploy ILMT as soon as possible. While it will not undo past non-compliance, it demonstrates good faith and is essential for any negotiation of sub-capacity considerations.
Yes, IBM provides ILMT at no charge to Passport Advantage customers. There is no licensing cost for the tool itself. However, there are operational costs: server infrastructure, agent deployment, staff time for configuration and maintenance. Some organisations also use HCL BigFix Inventory (an IBM-approved equivalent) which may have its own licensing terms. The investment in deploying and maintaining ILMT is minimal compared to the financial exposure of full-capacity charges.
Containers require the IBM Licence Service (ILS), not ILMT. ILS runs within the Kubernetes or OpenShift cluster and tracks IBM product usage (typically measured in VPCs) in real time. If you have a hybrid environment with both VMs and containers, you need both ILMT (for VMs) and ILS (for containers), plus the Licence Service Reporter to aggregate data. Without ILS in a containerised environment, IBM may charge for the entire physical cluster’s capacity.
IBM requires ILMT audit snapshots to be generated at least quarterly, and organisations should retain at least eight consecutive quarters (two years) of reports. During an audit, IBM auditors will request historical ILMT reports to verify continuous compliance. If you cannot furnish reports for any period, IBM may determine you were non-compliant during that time and back-charge at full capacity. Automate report generation and archive them to a secure, backed-up repository.
Common triggers include: missing or improper ILMT deployment, expiring or non-renewed support agreements, declining IBM spend, significant infrastructure changes (cloud migration, new data centres), mergers and acquisitions, and contract renewals or large deal negotiations. IBM’s sales teams track customer investments. If spending drops or major IT changes occur without corresponding licence updates, they will want a closer look. Proactive compliance monitoring is the best way to avoid triggering scrutiny.
Absolutely. Redress Compliance offers independent IBM licensing advisory services including ILMT compliance health checks, sub-capacity risk assessments, audit defence, and ELA renewal support. Our team has deep expertise in IBM’s licensing models, from traditional PVU/RVU metrics to newer VPC and container licensing schemes, and can provide an objective evaluation of your compliance posture. We work exclusively on behalf of the client, identifying gaps and optimisation opportunities without triggering any vendor action.
Sub-capacity licensing is one of the most valuable cost controls available to IBM customers, but it is also one of the easiest to lose. The 90-day deployment window is not a suggestion. Quarterly reporting is not optional. And ILMT coverage must be total, not partial. The organisations that protect their sub-capacity rights are those that treat ILMT as critical infrastructure, not an afterthought. One missed cluster, one late deployment, one unsaved report, and IBM has grounds to revert you to full-capacity charges. The financial exposure from that single gap can dwarf the cost of proper compliance.— Fredrik Filipsson, Co-Founder, Redress Compliance