Is the IBM ILMT tool SOX Compliant when used with Cognos?

2/11/19
IBM ILMT tool SOX

Recently, a client asked, “ Is the ILMT tool SOX compliant (Sarbanes Oxley) when used with IBM Cognos?” 

So, I went to consult my top advisor, Google.  For the first time in years my top advisor let me down. Such a simple question, and nothing.  This caused me to do what I do best, ask my network and share the results.

Lodestar Solutions is on a mission to educate clients on the rules around the IBM License Metric Tool (ILMT).  This is the tool IBM mandates clients to use when they want to opt for the IBM Virtualization Capacity licensing as documented in the Passport Advantage Agreement related section. https://www.ibm.com/software/passportadvantage/ibmlicensemetrictool.html 

Basically, the ILMT tool monitors whether you are allocating resources correctly based on your IBM licensing when you virtualize your environment.  The main license metric for IBM Virtualization Capacity is Processor Value Unit (PVU) and the ILMT’s main purpose is to measure the high-water mark of PVUs by applicable product within the managed environment. The high-water mark is measured on a quarterly basis and represents the required PVU license requirement customers will need to have license entitlements for the used IBM Virtualization Capacity. 

ILMT is not optional to install when it comes to IBM Virtualization Capacity and related high-water mark PVU counting. It is mandatory (few exceptions apply). https://www.ibm.com/software/passportadvantage/subcapfaqtcs.html

Before I get into the details of if the ILMT tool is SOX (Sarbanes Oxley) compliant when used with IBM Cognos, lets cover the basics. Here are some blogs you may want to check out if you are unfamiliar with the ILMT tool and not sure if you need it installed or are unfamiliar with SOX.

ILMT
SOX

definition of SOX Compliance. In 2002, the United States Congress passed the Sarbanes-Oxley Act (SOX) to protect shareholders and the general public from accounting errors and fraudulent practices in enterprises, and to improve the accuracy of corporate disclosures.

Why Ask if the IBM ILMT is SOX Compliant when used with Cognos?

If you have financial or accounting data in IBM Cognos Analytics (BI) or Cognos Planning Analytics (Tm1) and you are a publicly traded company, you should care because any company or individual who administers the systems related to or relevant to financial and accounting data are regulated under SOX. 

For more information check out this blog on, “What does your IT Team need to know about the Sarbanes Oxley Act?”

https://www.securis.com/clients/data-destruction-it-recycling-healthcare/what-does-your-it-team-need-to-know-about-the-sarbanes-oxley-act/

Is IBM’s ILMT tool Sox Complaint?

After bouncing around IBM for a while I was introduced to the ILMT Senior Offering Manager and he was kind enough to provide the following email to our client. (Provided February 2019)

I am the Offering Manager of ILMT and I have been helping Lodestar Solutions to provide you an official statement about ILMT in relationship of SOX Compliance and assurance that ILMT is not accessing personal data or financial information.

The ILMT tool’s main purpose is to: 
- Identify IBM products that are deployed on a computer server (either virtual or physical) 
- Gather the Virtualization Capacity (virtual processor cores) that is available to the Physical and/or Virtual Server where the IBM products are deployed and perform the related PVU license counting 
- For those IBM products that have further implemented the generation of Software License Metric Tags, ILMT will also collect the related tag content and visualize it in referenced ILMT reports

All of IBM products running on distributed platforms are provided with an ISO 19770-2 software identification tag. This is an xml file that includes info about the IBM product component. 
ILMT performs a file system scan and collects all found ISO 19770-2 xml files that are then mapped to the IBM SW Catalog provided with ILMT to normalize on which the IBM product is deployed. 

As to the hardware info, ILMT will collect information about the number of activated processor cores at the HyperVisor host as well as Virtual CPUs assigned to the hosted VMs/LPARs. 

The BigFix platform that ILMT uses for its processing is gathering additional hardware information related to the computers where the ILMT/BigFix agent runs on (Physical or Virtual servers). This additional information is related to IT configuration attributes such as IP, Hostnames, memory configuration and more. 

As part of the IT configuration attributes of the managed computers the currently logged on user accounts are being gathered too. 

ILMT does not perform any access to any financial data or personal data stored in IBM Cognos Planning Analytics (TM1), IBM Cognos Analytics (BI) or on the virtual or physical server where IBM Cognos TM1 or any other IBM product could be deployed. 

I hope the above clarifies.

Best Regards, 

ILMT Senior Offering Manager 

There you have it!  Asked, “Is the IBM ILMT SOX Compliant when used with Cognos?”  and answered!  

If you have questions on your licensing and want to discuss whether you need to have the ILMT tool installed or if you need assistance installing, reach out to us at Services@lodestarsolutions.com. Or call us at 813-415-2910.

ILMT Tool Questions and Answers

2/4/2019 - Written by Heather L. Cole, President of Lodestar Solutions
ILMT Tool

Why have I never heard about the IBM ILMT Tool for Cognos BI or TM1?

You have been working with Cognos for years.  Recently a Lodestar Solutions team member reached out to you and said, “I am concerned that you may have an IBM compliance issue and would fail an audit.”  You then learn that maybe you should have had the IBM Licensing Monitoring Tool (ILMT) installed. But you are wondering, “Why have I never heard about the IBM ILMT Tool for Cognos BI or TM1?”

You are not alone! Many clients call me saying they found my blogs on licensing and are confused. Today I’ll address why you have never heard about the IBM ILMT Tool for Cognos BI or Cognos Planning Analytics, TM1 and what steps you should take before you get audited. 

Am I really at risk?  I am not using more PVU’s than I have licensing for, what will IBM do if I am audited and don’t have the ILMT installed? 

They could determine that you are non-complaint and fail the audit even if you aren’t using more PVU’s then you have, because the sub-capacity agreement states if you don’t install it, IBM can assume you are using the full capacity of the servers. You could be forced to pay for PVU’s to cover the entire server.  For example, you have 8 cores on your virtualized server and allocate 4 cores to Planning Analytics (TM1).  The server is rated 70 PVU’s per core.  Even though you have only allocated 4 cores * 70 PVUs per cores so 280 PVUs to TM1. IBM could charge you for another 280 cores if you don’t have the ILMT tool installed, because the server could max out to 8 cores.   Even if you only allocated 4 cores, you could fail the audit just for not having the ILMT tool installed. 

Who needs to install the ILMT for Cognos Analytics (BI) and/or Cognos Planning Analytics?  

All clients that have Processor Value Unit (PVU) licensing.  This includes most Enterprise Planning Analytic/TM1 users and larger Cognos BI clients that have virtualized their environment must install the ILMT tool with a few exceptions.  

Not sure what a PVU is?  

Check out our previous blog, How to Calculate Your IBM PVU Rating

What is the ILMT Tool?  

IBM® License Metric Tool (ILMT) helps IBM Passport Advantage® (PA) customers determine their full and sub-capacity processor value units (PVU) licensing requirements. It helps calculate the number of PVUs available to installed Passport Advantage PVU-based software, including supported virtualized servers. Passport Advantage and Passport Advantage Express customers can order this tool at no charge by selecting the IBM License Metric Tool, part number D561HLL. 

How did I miss the ILMT tool? 

The ILMT is NOT provided as part of the standard download with the software, as a client you must order this separately at no cost. Clients are only informed of the ILMT tool requirements if they read the fine print of the sub capacity agreement or someone explains how important it is.  If you are an older TM1 or Cognos BI client, this was amended to your agreement in July 2011. 

Let’s be real, most IT professionals responsible for installing and maintaining the software do NOT read the fine print of IBM contracts, their lawyers do.  Lawyers would have no clue that the IT person does not know about the ILMT tools because logic would say it should be part of the install package. 

For your reading pleasure here’s the link to the Sub Capacity Licensing Agreement.

You might want to check out IBM’s FAQ on Subcapacity agreement for more information. 

This is such a big deal, IBM has a forum for the ILMT. Click here to check it out!

How Do I Order the ILMT Tool From IBM?

What are the exceptions?  Do I really need to install this? 

There are some exceptions such as if a client is less than 1000 employees and contractors, they are not required to install it.  But do you really know how many contractors you have?  And how do you count a contractor?  Is it all the contractor’s employees? (IBM we would love to hear from you on this).  

For more details on exceptions see our previous blog.

What does it take to install the ILMT Tool? 

It’s not as easy as it should be in my opinion. The ILMT tool costs about 30K to have a partner like Lodestar Solutions install it. I am not sure what IBM charges, but speculate it’s higher.  It’s important to know, the ILMT tool requires a separate server too.

Why didn’t an IBM Sales Rep or Partner tell me about this?  

If you have been reading my blogs, you will see I have been trying to get the word out! But candidly, IBM Sales Reps and Partners do not tell clients about the ILMT tool or associated costs in the sales process, as most have no clue what it is or why it’s important. You need to be an educated consumer! 

My Soap Box 

Here’s where I know I am going to get in trouble!  But, sometimes you must break the rules to make things better, to instigate change! 

In my opinion, IBM is setting their IBM Cognos Planning Analytics and Cognos Analytics clients that are on PVU licensing up for failure!  The current process is broken.  As an attorney, I feel IBM fails to adequately disclose or make it easy for clients to adhere to the terms of a somewhat confusing contract. IBM you are better than this!  IBM auditors can penalize clients that are not intentionally stealing licensing, but those that simply failed to install the ILMT monitoring tool.  

One client that did not install the ILMT, and was not using too many PVUS was told by the auditors, that IBM was going to charge them over $78,000 to quote “settle” the audit but they would allow the client to apply the payment to purchasing other IBM products not related to the audit. However, they were not allowed to purchase the additional licenses from a partner. They were forced to buy direct from IBM. This confuses me. If a client, “failed” the audit shouldn’t they be required to purchase the licenses they were out of compliance on?  But since in this situation they were only out of compliance with the ILMT which is free and not any other licenses, IBM said they could buy other software. Luckily for the client they were growing their BI footprint and could buy BI licenses. Not so lucky for the partner they were working with in the process because IBM would not allow them to buy from the partner helping them succeed at business intelligence.

Next Steps: 

Contact us at Services@Lodestarsolutions.com and we can walk you through your specific situation.  We will also provide you with our document on how to calculate your PVUs.  We are here to help and show you a better way! 

X