Is the IBM ILMT tool SOX Compliant when used with Cognos?

2/11/19
IBM ILMT tool SOX

Recently, a client asked, “ Is the ILMT tool SOX compliant (Sarbanes Oxley) when used with IBM Cognos?” 

So, I went to consult my top advisor, Google.  For the first time in years my top advisor let me down. Such a simple question, and nothing.  This caused me to do what I do best, ask my network and share the results.

Lodestar Solutions is on a mission to educate clients on the rules around the IBM License Metric Tool (ILMT).  This is the tool IBM mandates clients to use when they want to opt for the IBM Virtualization Capacity licensing as documented in the Passport Advantage Agreement related section. https://www.ibm.com/software/passportadvantage/ibmlicensemetrictool.html 

Basically, the ILMT tool monitors whether you are allocating resources correctly based on your IBM licensing when you virtualize your environment.  The main license metric for IBM Virtualization Capacity is Processor Value Unit (PVU) and the ILMT’s main purpose is to measure the high-water mark of PVUs by applicable product within the managed environment. The high-water mark is measured on a quarterly basis and represents the required PVU license requirement customers will need to have license entitlements for the used IBM Virtualization Capacity. 

ILMT is not optional to install when it comes to IBM Virtualization Capacity and related high-water mark PVU counting. It is mandatory (few exceptions apply). https://www.ibm.com/software/passportadvantage/subcapfaqtcs.html

Before I get into the details of if the ILMT tool is SOX (Sarbanes Oxley) compliant when used with IBM Cognos, lets cover the basics. Here are some blogs you may want to check out if you are unfamiliar with the ILMT tool and not sure if you need it installed or are unfamiliar with SOX.

ILMT
SOX

definition of SOX Compliance. In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures.

Why Ask if the IBM ILMT is SOX Compliant when used with Cognos?

If you have financial or accounting data in IBM Cognos Analytics (BI) or Cognos Planning Analytics (Tm1) and you are a publicly traded company, you should care because any company or individual who administers the systems related to or relevant to financial and accounting data are regulated under SOX. 

For more information check out this blog on, “What does your IT Team need to know about the Sarbanes Oxley Act?”

https://www.securis.com/clients/data-destruction-it-recycling-healthcare/what-does-your-it-team-need-to-know-about-the-sarbanes-oxley-act/

Is IBM’s ILMT tool Sox Complaint?

After bouncing around IBM for a while I was introduced to the ILMT Senior Offering Manager and he was kind enough to provide the following email to our client. (Provided February 2019)

I am the Offering Manager of ILMT and I have been helping Lodestar Solutions to provide you an official statement about ILMT in relationship of SOX Compliance and assurance that ILMT is not accessing personal data or financial information.

The ILMT tool’s main purpose is to: 
- Identify IBM products that are deployed on a computer server (either virtual or physical) 
- Gather the Virtualization Capacity (virtual processor cores) that is available to the Physical and/or Virtual Server where the IBM products are deployed and perform the related PVU license counting 
- For those IBM products that have further implemented the generation of Software License Metric Tags, ILMT will also collect the related tag content and visualize it in referenced ILMT reports

All of IBM products running on distributed platforms are provided with an ISO 19770-2 software identification tag. This is an xml file that includes info about the IBM product component. 
ILMT performs a file system scan and collects all found ISO 19770-2 xml files that are then mapped to the IBM SW Catalog provided with ILMT to normalize on which the IBM product is deployed. 

As to the hardware info, ILMT will collect information about the number of activated processor cores at the HyperVisor host as well as Virtual CPUs assigned to the hosted VMs/LPARs. 

The BigFix platform that ILMT uses for its processing is gathering additional hardware information related to the computers where the ILMT/BigFix agent runs on (Physical or Virtual servers). This additional information is related to IT configuration attributes such as IP, Hostnames, memory configuration and more. 

As part of the IT configuration attributes of the managed computers the currently logged on user accounts are being gathered too. 

ILMT does not perform any access to any financial data or personal data stored in IBM Cognos Planning Analytics (TM1), IBM Cognos Analytics (BI) or on the virtual or physical server where IBM Cognos TM1 or any other IBM product could be deployed. 

I hope the above clarifies.

Best Regards, 

ILMT Senior Offering Manager 

There you have it!  Asked, “Is the IBM ILMT SOX Compliant when used with Cognos?”  and answered!  

If you have questions on your licensing and want to discuss whether you need to have the ILMT tool installed or if you need assistance installing, reach out to us at Services@lodestarsolutions.com. Or call us at 813-415-2910.

Leave a Comment

X
Send this to a friend