When it comes to licensing audits, and as the complexity of IT environments increases, staying on top of your entitlements to mitigate over-deployment will save you time and money. With the complexity of IBM’s software licensing methods, they are no exception. Over the course of IBM’s 100+ year history, IBM has become a conglomerate of many small companies acquired through M&A. As a result, IBM’s Software Licensing is infamously complex with a variety of licensing metrics resulting in millions of audit findings. With over 80 different metrics covering the whole scope of IBM’s products, IBM’s metrics are notoriously difficult to navigate and license properly for. With IBM software commonly deployed in enterprise data centers, understanding the whole slew of licensing metrics and compliance requirements becomes crucial to ensuring you are not paying unnecessary IBM licensing fees. To help you navigate through IBM’s license complexity, let’s get to know some of the metrics and challenges associated with IBM Software Licensing.


License Agreements – Understanding Entitlement and Product Use Rights

IBM has recognized the difficulty associated with understanding their product entitlements and have tried to centralize and simplify its licensing by creating the Passport Advantage (IPAA) program. Passport Advantage is a centralized program that uses a common set of agreements, processes, and tools rather than individual agreements for each of its products. However, you cannot solely rely on Passport Advantage alone, as it does not recognize any license purchases outside of the system. Furthermore, because Passport Advantage allows you to download products without restrictions, unmanaged downloads can expose you to over deployment risks. For any legacy purchases, you will need to present the contract or Purchase Order Entitlement (POE) to IBM. You will also need to account for product migrations to get a more complete, and more accurate picture of your IBM entitlements.

In addition to IPAA, IBM uses multiple other license agreements, each with its own set of terms and conditions that are applicable depending on how the product is licensed or deployed in the environment.  Each agreement has its own set of terms and conditions that are applicable depending on how the product is licensed or deployed in the environment. Thus, you’ll want to pay close attention to any changes that impact licensing across agreements.


License Models—Varied Metrics and Complexity 

IBM’s software products are frequently deployed across the IT infrastructure and supported on multiple operating system platforms, which increases the complexity of the environment. Managing the vast deployment of IBM products is a daunting task, but for the most part, licensing can be categorized into three major “buckets” – user-based, capacity-based, and other licensing. However, the main difficulty comes from tracking which product goes with the appropriate licensing “bucket.” We’ll now cover the most popular licensing metrics, starting with what is known as Processor Value Unit (PVU).

Processor Value Unit (PVU) – Introduced in 2006, PVU based licensing was created to take the processing capacity of the server into account to determine licensing, rather than relying solely on the number of cores. This change was made to account for the increased processing power of newer technologies, and the gradual shift towards virtualization.

According to IBM, a Processor Value Unit (PVU) is a unit of measure used to differentiate licensing of software on distributed processor technologies (defined by Processor Vendor, Brand, Type and Model Number). In many virtualized environments, certain cores and processors are partitioned, or segmented off to be used for VMs. This means that using the PVU metric under full capacity, a virtual application that only uses 12 out of 24 cores on a server, would still be licensed for all 24 cores under the PVU metric, rather than the 12 cores that are currently in use to support the application.

PVU metric calculations are by far the most complicated and have many moving variables, including the use of virtualization, processor name, server model, number of sockets,  and processor model. IBM created IBM PVU tables assigning core values based on processor architecture, vendor, brand, type, and model number as well as the total cores (number of processors x core per processor). These PVU tables publicly available on their website and show the model, processing capacity, as well as the associated PVU value for the available processing technologies (x86, RISC, and System Z).

Storage Value Licensing—For products licensed by storage data, IBM counts the deployment by ‘Tebibyte’ and not the default ‘Terabyte’, which is 90 percent of a Tebibyte. This confuses many customers as it is a nonstandard way to measure storage.

User-Based Metrics—Be sure not to overlook the user-based metrics, as it is very common to over-deploy IBM’s user-based software since there aren’t any built-in controls to restrict software usage.

Disaster Recovery (DR) Environments—Cold and warm standby servers are not chargeable. Therefore, you need to be careful around IBM’s classification of “hot standby” systems, which are servers performing work such as mirroring of transactions, updating of files, and synchronization of programs, etc. Machines deemed to be running in “hot standby” mode require the appropriate software licenses from IBM.

Full Capacity Versus Sub-Capacity Licensing—To account for increased virtualization, IBM introduced licensing by sub-capacity. Instead of licensing the product for the full capacity of the server or group of servers; it instead measures the capacity in use in the environment. This helps to reduce unnecessary licensing fees as servers are not licensed by their full capacity or total CPU cores.

While sub-capacity is available to customers who agree to the terms and conditions of the agreement, full-capacity licensing is the default unless otherwise agreed in writing with IBM. Given the cost and processing advantage of running IBM software on virtual servers, most businesses prefer to virtualize their IBM environments. However, by default the software is licensed by full-capacity or all processors and cores on the physical host (and server cluster in some cases) must be licensed, as opposed to just the VM or instance running IBM software, which is known as sub-capacity licensing. For a customer to be granted sub-capacity licensing rights, the customer must agree to the terms and conditions of IBM’s sub-capacity agreement.

However, there are two requirements to be eligible for sub-capacity licensing. First, the IBM License Metric Tool (ILMT) must be installed and configured within 90 days of first use of an eligible sub-capacity product. Second, a quarterly report must be produced through ILMT and available to IBM upon IBM’s request.


What you need to know about IBM’s License Metric Tool (ILMT)

ILMT is a free tool offered by IBM to measure the metrics necessary for IBM software licensing. ILMT has several functionalities, including software discovery and identification, signature discovery, reports, license usage monitoring, and producing metrics for IBM licensing. In other words, ILMT is similar to a SAM tool that is built specifically around IBM’s PVU based products.

As it relates to licensing, the most important features of ILMT are the reports, license usage monitoring, and licensing metrics. ILMT calculates the maximum core capacity of the server that is available to the installed IBM software, and then determines the number of PVUs or other processor-core entitlements that are required. Given this information, ILMT can produce reports that contain a detailed summary of all the machines in your environment. These are the reports that must be submitted to IBM to be eligible for sub-capacity licensing.

While these features are undoubtedly valuable, they are not perfect. Part of the challenge with ILMT is that it requires significant effort to properly install and configure to capture all of the necessary information. ILMT relies on an agent being installed on a target machine, whether physical or virtual, in order to report deployment data to the ILMT license server. In cases where an agent cannot be deployed to certain enterprise systems, there needs to be a workaround process to gather the installation data from the machines.  Furthermore, many customers find that despite having ILMT installed, their coverage across the environment is incomplete, or they did not properly account for bundled software. The scans themselves can also fail, as there have been known issues with disk space, compatibility, and credentials. Be sure to be aware of these potential pitfalls when using ILMT and consult an expert as needed.

Other leading SAM tools have developed capabilities to measure IBM product use, specifically for the PVU metric. However, if used in place of ILMT, the tool outputs should be reviewed to ensure PVU calculations for both full and sub-capacity licensing are accurate, and product bundling is being addressed by the non-IBM solution.

Given the complexity and dynamic nature of IBM’s licensing models and technology portfolio, it’s very important to understand the licensing metrics to ensure that you mitigate over-deployment, as many customers have been subject to millions of dollars in license fees resulting from an IBM software audit.


While this article is not an exhaustive list of IBM licensing metrics or a complete audit defense playbook, we hope that this provides some clarity and insights around IBM’s complex licensing models and ILMT to better prepare for your next software review or IBM renewal. If you would like more information on how Connor’s Software Advisory Services may help reduce your vendor licensing risks and optimize IT spend, please contact us at info@connor-consulting.com.

For companies with limited resources, deciding to start a compliance program can be tricky. As we’ve outlined in our previous blog post, there are good reasons to establish a compliance program for your company, even if it’s small or medium-sized.

Despite these benefits, many companies are concerned about how a compliance program will affect their relationships with their customers. Executives weigh the responses to questions, such as “How will a compliance program impact my customer relationships? Will auditing a customer damage my relationship with them?”

These are legitimate concerns for companies to have, especially when they are considering establishing a compliance program. The inter-company dynamics that are at play, and which have oftentimes opposing motivations, are manifold. For example, when expanding and growing your company’s footprint within your customer base, the sales division is typically risk-averse and tends to avoid anything that may jeopardize their sales efforts. From their point of view, customers may not want to place new orders if they get audited for their prior purchases. This is an old argument that has been proven to be wrong. The notion that your customers will pull their prior investments and go to your competitor makes no economic sense. While working with all our clients, we have not found evidence that this is the case. Here’s why:

  1. Your customers choose your product over your competitors for good reason. There is value that your product or service offers, and an audit of books and records will not diminish this fact.
  2. No CEO or CFO will ever consider killing a prior investment for the sake of vengeance. They have invested thousands, if not millions, of dollars in implementing your offering and moving to a competitive solution would effectively destroy this capital and damage shareholder value.
  3. Auditing is a standard business practice across all industries. Let’s face it – audits are just a part of life and your customers are being audited by other vendors as well.

Although customers/licensees may try to use the concerns above as scare tactics to discourage audits, the reality is that compliance is—and has been—a fact of business life for a long time. Done correctly, the risk of losing customers or business can be mitigated, and your customer relationships will remain intact.

In fact, contrary to popular belief, most compliance programs strengthen your relationships with customers, rather than harming them. By nature, compliance audits require more regular touchpoints and communication between both parties. While some of these touchpoints will be focused on the audit, both parties can leverage the frequent interactions to re-evaluate future business needs and dynamics. This, in turn, can help identify business opportunities tailored to your customer’s immediate and future needs.

As the licensor, a key component to setting up a successful compliance program that will not harm your customer relationships is effective internal selling. Your main goal will be to secure C-level buy-in and support. To begin with, you’ll want to articulate the right value propositions for the program and remove any fears that your internal stakeholders may have. Furthermore, demonstrating the value of a program through a successful pilot, or getting testimonials from industry peers, will help you win over your critics.

At the same time, you’ll want to be sure you are deploying best practices when it comes to your compliance program. At Connor, we leverage our compliance expertise to help you get started and set up an effective compliance program with the industry’s best practices.

To learn more about how to get started on a compliance program with Connor, please contact us at info@connor-consulting.com.

In late 2018, Oracle announced they will make you pay for using Java. This news has caused a great deal of confusion among both customers and Software Asset Management experts. Many people, for good reason, believe they need to pay fees to Oracle to move forward with their Java usage. However, access to the open source Java license hasn’t been cut off completely. Read on to find out how you can continue to benefit from a free Java license and when to upgrade to a paid license. ­

First and foremost, you’ll need to understand the difference between the two (2) different Java offerings from Oracle.

There are currently two versions of Oracle’s Java:

  • Oracle OpenJDK
  • Oracle JDK (also known as Java Standard Edition or Java SE)

Let’s clear up any confusion surrounding OpenJDK’s pricing — OpenJDK remains a free product even with the new licensing rules. This is because OpenJDK is licensed under the GNU General Public License, which is a free license for software and guarantees end users the freedom to run, modify, and share the software for free. Although certain limitations apply, OpenJDK is intended for both public and commercial use and will remain free for the foreseeable future.

However, it is important to understand Oracle’s new release cadence and how this can affect your organization. Oracle has announced that upgrades for OpenJDK will be released every 6 months, and each release will replace the previous one. Consequently, any new bug fixes can only be applied in 6-month intervals. Also, any security risks identified in any of the previous Java versions will only be addressed in security patch updates every 6 months. This forces customers to perform upgrades for their Java environment twice a year aligned to Oracle’s release calendar, which may lead to performance issues or instability, along with IT operational challenges.

Depending on the size of your organization, you may require a dedicated team to test, install, and update new Java versions before implementing them, as well as check for any system anomalies or compatibility issues with other applications. Not only will the teams need to install and test these updates twice a year, but they will also be required to monitor and manage the Java environment more diligently than before. This may not be practical for many IT departments, who are continually faced with having to both run and grow their businesses.

For those IT departments who can’t dedicate a team to Java updates, they may prefer Oracle JDK. Though not free, Oracle JDK provides 3 years of licensing and support, and customers will have immediate access to security patches, updates, and bug fixes throughout the entire support period. IT teams will have 3 years of runway before they need to upgrade to the next Java version so this allows more time to properly test and integrate Java into their IT landscape. However, it all comes down to what end-users are more comfortable with from an IT operations perspective — upgrading Java in 6-month intervals or doing so every 3 years.

Understand your Java environment.

So, should you stick with the free license or move to the paid one? This is the question most organizations are currently assessing. If you are currently deploying Java or you’ve been planning to start using Java, you should start by asking your IT leaders the below questions.

Question 1: What version of Java do you use?

We believe this is the most important fact to know about your Java environment. Without proper knowledge of your Java environment, you won’t be able to make effective licensing decisions.

After you find out your currently deployed license version, you can consider the following three (3) options if you want to stay with Oracle Java:

  1. Stay on your current version of Java without performing any updates that will force you to accept Oracle’s new licensing terms. This option is not recommended because of security threats that might leave your entire organizations exposed to cybersecurity attacks. If you are still using Java 8 or lower, then you may want to rethink the entire Java environment for a possible upgrade or an alternative solution.
  2. Purchase Oracle support for Java 11. This is the first version made available for the 3 years subscription licensing model. If you decide to transition to Java 11, it’s key to note that desktop pricing is $2.50 per user per month, or lower with tiered volume discounts. Processor pricing for use on Servers and Cloud deployments is $25 per month or lower, depending on the purchasing volume. For more details around licensing metrics and volume-based pricing, check out Oracle’s Global Price List for Java http://www.oracle.com/us/corporate/pricing/price-lists/java-se-subscription-pricelist-5028356.pdf.
  3. Upgrade to Java 12. This is the latest version of OpenJDK released by Oracle in March 2019 and can be used for free in any environment. However, based on the new licensing rules of Oracle, you should be prepared to upgrade to the next version in September 2019, given the 6-month release schedule. While companies with small Java environments might not see any issue with upgrading this often, larger organizations may need to consider the effort and resources needed to support this IT and change management process.

Question 2: Where is Java being deployed?

If your company uses Java for testing and developing only (non-production), then you can keep using Oracle JDK without paying for it. However, if Java is heavily deployed in your production environments, you will need to purchase the proper licenses from Oracle or re-consider your options as discussed above. Oracle has confirmed that it no longer offers any commercial support for OpenJDK builds after the April 2019 update.

Question 3: How many applications and users are Java-dependent?

You’ll want to be able to assess all possible risks of using OpenJDK vs Oracle JDK, and also, understand the financial impact of moving to the subscription-based licensing model. Before making a decision, it is essential to understand how the release frequency may affect the applications running on Java and how IT resources will be impacted to effectively support the updates.

Actual and intended usage are also very important factors in deciding which licensing metric or model is best suited for your organization. Oracle licenses JDK on the “Named User Plus*” metric, which means that you will be required to pay for all the “individuals authorized to use the programs which are installed on a single server or multiple servers regardless of whether the individual is actively using the programs at any given time. A non-human operated device will be counted as a named user plus in addition to all individuals authorized to use the programs if such devices can access the programs.”

Alternatively, you can also license JDK on the “Processor*” metric which “shall be defined as all processors where the Oracle programs are installed and/or running. Programs licensed on a processor basis may be accessed by your internal users (including agents and contractors) and by your third-party users.” (Source: Oracle Java SE Subscription Global Price List)

To summarize, the most important difference between the two available Java builds come down to how often customers will receive updates and support. If you’re using the OpenJDK version, Oracle won’t be providing updates to past versions and new releases will follow a 6-month schedule, whereas Oracle JDK will provide access to patches and updates throughout your subscription term, allowing more flexibility on product upgrading timelines. Also, understanding actual and intended and will help you determine the most effective licensing model for you, factoring in any IT operational impact and subscription costs to your organization.

With that said, we strongly recommend evaluating your entire IT landscape that runs on Java and taking the necessary measures to ensure you won’t spend more time and money than needed to keep your Java environment reliable, stable, and secure. By partnering with a 3rd party licensing expert and initiating a Java risk assessment, you can help your company stay compliant with Oracle and save millions of dollars in unplanned subscription or software licensing fees. To learn more or to schedule a no-charge Java evaluation, contact Connor at info@connor-consulting.com today.

In the first 3 parts of our SAP blog series, we’ve walked through SAP’s more challenging indirect use licensing model, from its history, the new Digital Access Model, to some tips on selecting the licensing model that is best for you. However, even with all of the indirect use knowledge, indirect use only covers one part of your SAP environment; should SAP audit you, they will be reviewing your entire SAP environment.

While many companies know they should perform self-assessments and evaluations before an official audit, most hesitate to perform them due to a lack of skills, resources, or time.

Introducing the “SAP License Assessment in 21 days” which is powered by our Connor for SAP Optimization tool.

To support companies in baselining and fine-tuning their SAP environments with a quick turnaround, minimal effort, and actionable insights, we have created a risk-based assessment program fuelled by the latest in automation software. By taking a deep dive into your SAP usage data, and combining it with unparalleled expertise in SAP licensing, we can craft a vendor negotiation playbook so you can ace an SAP audit, or prepare for an upcoming contract renewal in just 21 days. Our phase by phase approach is described below.

Day 1 to 10: Software baselining & reconciliation. Create a complete overview of your SAP landscape.

Together, we will define the specific application and engagement scope with the customer. Once set and agreed upon, we’ll proceed to the initial phases of the assessment: data collection and validation.

The first phase of the SAP License Assessment is the most complex and is often the most difficult for companies to complete. It involves a combination of data collection and validation techniques to provide a holistic picture of what the customer owns and what is deployed (and used) across all systems.

By centralizing and interpreting all software purchase records (SAP master agreements, order forms, transfer of license, termination letters, etc.) we’ll help to create a comprehensive inventory of all your software and support entitlements that can be compared to actual product installations. In parallel, we’ll measure your SAP application usage for any in-scope products leveraging our Connor for SAP Optimization tool.

The tool was designed to rapidly scan all SAP systems across both production and non-production environments, and baseline every SAP user and detectable product deployment across reachable application servers.  It not only detects created users in the SAP systems, but it also pinpoints any indirect access anomalies or risks, and documents created through external applications. Best of all, it is mostly automated and requires minimal customer intervention! Discussions with applications owners and SMEs will help validate any findings and increase the completeness and accuracy of the assessment.

By the end of the first phase, we’ll reconcile the collected data so that customers can quickly determine whether they are out of compliance or over-licensed for SAP software.

Day 11 to 16: License optimization. Achieving proactive management for software usage.

In the second stage, we’ll focus on resolving any existing compliance issues resulting from phase one, and determine the appropriate course of action, if any. While the first stage is perhaps the most complex, the second stage is probably the most crucial step in the assessment.

With the data collected in the first phase, our automation tool can efficiently reclassify licenses based on the actual usage and authorizations that are assigned in the SAP systems. By pinpointing inactive users, the tool will help you reduce your software usage and allow for effortless reallocation of unused licenses to active users. Engine usage and associated metrics are also easy to identify and you can decide if you want to keep the same metrics or license the engines on more cost-effective or available metrics.

We’ll also take extra steps to create a list of all users and their assigned license types to avoid unnecessary license costs, whether or not your company plans to migrate to S/4HANA. By counting both the documents created in the system and the maximum number of SAP users, we can calculate the financial exposure for indirect access fees. Based on the results, we’ll perform a cost-benefit analysis of the different license scenarios and recommend the most cost-efficient solution tailored to your environment.

In addition, our solution can provide intelligent alerts about any suspicious SAP data consumption. You can also control the allocations of SAP licenses in real-time through intelligent mapping of the proper license type to the actual usage.

Day 17 to 21: Audit Defense & True-Up Assistance. Getting the expert support needed to negotiate successfully with SAP.

In the final stage, Connor will leverage its deep SAP knowledge, as well as its IT sourcing and license compliance experience, to assist with challenging SAP negotiations in order to optimize license costs, improve commercial terms, and reduce non-compliance risk. In addition, we will work closely with customers to find the best product offerings and purchase timelines to effectively meet their future business needs.

Beyond the SAP Digital Access Model Blog Series

If you haven’t been following this series of blogs, you can access the first three installments in the series below:

With the insights you’ve gained in this 4-part series, you should be armed with the information necessary to challenge SAP during a software audit or upcoming contract negotiation.

However, having the knowledge alone doesn’t get you to your desired outcomes with SAP. You must take the appropriate or recommended actions in order to implement an effective SAP license management program. It’s no trivial task, but the good news is you’re not alone and you can learn from other companies’ costly mistakes!

At Connor, we’re industry experts when it comes to vendor licensing and IT spend optimization and can help you implement an effective SAM program, just as we’ve done for other major companies. Whether it be SAP or any other major vendor in your IT landscape, we will level the playing field on future vendor audits and deals, saving your organization millions of dollars. For more information on our 21 day SAP License Assessment or no-cost risk evaluation, please contact us at info@connor-consulting.com today.

If you’ve been following this SAP blog series, you should have a good understanding of the changes from SAP’s old indirect use licensing to the vendor’s new Digital Access Model (DAM). Now that you have a firm grasp of each model after reading through parts 1 and 2 of our SAP series, how do you know what’s the best licensing model for your company? To start, it’s prudent to lay out the pros and cons of each model.

The old licensing model’s greatest strength is that it’s a familiar and common user-based licensing model. Many companies are already licensed for user-based indirect use through their existing SAP agreements; since the DAM was introduced in 2018, many companies have not yet converted to it. If you stick with your current licensing model, you can avoid administrative licensing paperwork, although you may not be able to effectively optimize your software environment and reduce unnecessary SAP vendor spend.

Additionally, licensing named users is quite common across the software industry, and many SAM tools have built-in functionality that can match license entitlements to specific user deployments. In theory, if you’re able to track and measure all users accessing SAP, you’ll be able to manage licensing and vendor compliance.

However, this leads to the old licensing model’s greatest weakness — it’s very difficult to track all remote and indirect users. As discussed in part 1 of this series, this was one of the major customer complaints with the old licensing model. While it may be relatively easy (depending on your company size) to track your company’s internal users, it gets more difficult tracking all customers and external users who access your ERP or SAP system. Without a clear definition of what indirect use activity entails, many customers are not able to identify and count users who needed to be licensed, resulting in major license fees or penalties resulting from an audit.

The new DAM is meant to be simpler for customers to manage and track. Instead of having to license individual users, the DAM calculates users based on documents created which is a lot easier to measure and track, given there are specific SAP tables you can query based on the document type. In addition, SAP plans on moving all existing customers to S/4HANA by 2025, so you will likely receive better support for the DAM, as compared to the older licensing model.

The challenge with the DAM is that it is still uncharted territory and a relatively new license model. Due to SAP’s aggressive auditing history, many customers are still skeptical about switching to the DAM thinking it is a vendor ploy to upsell additional software. Document-based licensing is also unfamiliar to many organizations, and while SAP may be pushing to convert all of its customers by 2025, it’s hard to predict how the DAM will unfold in the next few years.

Additionally, there is a potential risk of double licensing users if you don’t manage your SAP software diligently. In the past, users already covered by a Professional User license accessing SAP through third-party applications were not charged for indirect access. With the DAM, any user who updates the SAP system and creates a document through external applications will be charged through the new pricing model. This opens up the possibility that a Professional User who creates a document in SAP through a third-party application could be charged twice: once for the documents created in SAP and the second time for any other indirect access usage. Unless you’re tracking those indirect users who are also creating documents within SAP, your company is likely to overpay.  Below is a table which summarizes the pros and cons of each licensing method:

User-Based SAP Licensing Digital Access Model (DAM)
  • Familiar license model
  • Many customers are already licensing SAP through a user-based model
  • Many SAM tools have the functionality to aid with user-based licensing
  • Avoids having to keep track of all internal and external users (e.g., indirect access)
  • SAP is pushing for customers to make the switch


  • Tracking external users is very difficult
  • True-up fees may become very large if you aren’t properly licensed
  • The DAM is still not widely adopted, so it’s hard to tell how well the model works
  • There is a risk for double licensing

Converting to Digital Access: Current Options

Given this information, it’s now time to consider your existing options. There are three (3) viable options available when it comes to adopting/or not adopting the DAM.

  1. Keep your current license agreement and do nothing

This option is recommended for any customers who are content with their current contract and the indirect access model based on named-users and maintain an effective way of counting direct and indirect application users of SAP.

  1. Keep your current contract with the possibility to exchange the old Indirect Access licenses to the new Digital Access licenses.

If you purchased any of the engines to cover the indirect scenarios (order-to-cash, procurement-to-pay, or Platform User licenses) you can obtain a vendor credit and switch to DAM based on SAP’s trade-in values.

  1. Move to S/4HANA with a converted contract

This option is for customers who want to give up the legacy model and switch entirely to S/4HANA. In most cases, SAP will credit you 100% of the value of the old agreement towards purchasing licenses under the S/4 license model. SAP will incentivize you to move to S/4HANA, along with any of their other cloud-based solutions. Customers are responsible to pay for any difference in license or subscription fees after credits are applied by SAP.

Identifying Licensing Risks: 5-step Customer Roadmap

Whatever option you end up choosing, we recommend all customers be proactive and not get blindsided by SAP. If you can’t decide whether to migrate to the DAM or stay on your current contract, you can start with the following five (5) steps to analyze your SAP landscape so you can make the smartest, most cost-efficient decision:

  1. Create an architectural diagram for your entire IT environment

Creating a graphic representation of all applications and connections, focusing on software that sends and receives data from SAP, is valuable to your organization if it doesn’t exist already. The diagram should be updated whenever new external applications are implemented or existing ones retired. For smaller companies, it may more efficient to identify only the third-party applications that send data to SAP, whereas larger enterprises will want to maintain a bi-directional application interface view.

  1. Get an overview of all connection types between SAP and non-SAP applications

You need to identify data connections between SAP systems and other software. Depending on the size of your IT environment, this may be a very time-consuming activity, but it’s useful for recognizing indirect access. Start by looking for users created in SAP that interface or exchange data with external applications.  There are tools that can aid you with this exercise, along with 3rd parties you can engage with this licensing expertise.

  1. Identify entries in the SAP tables

This is an important step in identifying whether third-party applications are updating any tables in SAP by sending data. You should keep in mind the nine document types measured for indirect use and check the tables where these documents are recorded. Based on the volume of entries registered to SAP, you can identify potential digital access risks. Note that documents created through direct access should be ignored, as well as any other documents created through SAP cloud, such as Ariba, SuccessFactors, Concur, etc.

  1. Find users who update SAP through external applications

Once you have identified all third-party applications that communicate with SAP and excluded any applications that fall under the indirect static read, you’ll arrive at a reliable user list for any interfacing third-party applications.

This list needs to be compared against a list extracted from SAP so you exclude users who already have a license assigned in the SAP system. All other users require an SAP license.

  1. Compare prices of both licensing models

Based on the number of users and the volume of documents created in your SAP system, you can decide which license type is more cost-effective for your organization. Put simply, if the interactions between third party applications and SAP generate a high volume of documents, you’ll want to stick to the old licensing model for now. If you’re not producing many documents within SAP tables, but have a high number of internal and external users, it may be more cost-effective to switch to the DAM.

Switching licensing models is certainly not an easy decision to make. You’ll want to ensure you have a complete and accurate of a picture of your SAP licensing environment, then perform a cost-benefit analysis on which model is best for your organization.

Once you’ve made the decision that’s most suitable for your company, you’ll want to be sure you are well prepared for an SAP audit. Given that SAP is pushing all customers to switch to the DAM by 2025, SAP will likely ramp up the volume of customer audits globally to capitalize on the complexity of their user-based licensing model and to leverage any software findings to negotiate conversions to the DAM.

In the last part of this series, we’ll cover how to proactively prepare for an SAP audit, and complete a software baseline and optimization effort in just 21 days.


If you want to learn more about how SAP’s licensing models, and how to protect against SAP audits or prepare for an upcoming contract renewal, contact Connor at info@connor-consulting.com today.

Did you know that non-compliance rates in your industry range from 5 – 25%? When people think of compliance programs, they usually only consider large companies. And rightfully so, as most major and mature companies do have a compliance program in place. In each of the licensing industries—Software Licensing (SLC), Royalty-based Licensing, or Brand Licensing—there are household names that many people know about. You might recognize Adobe and Oracle in the SLC space, Dolby or HDMI in the Royalties space, or Philips and Nike in the Brand Licensing space.

For these companies, a compliance program is part of their corporate strategy. Whether a company has an in-house team that performs all compliance aspects, from analysis, targeting, engagement, and negotiation of a settlement, or a outsources all their compliance work to third parties, companies can collect potentially millions in underpaid or unpaid licensing or royalty fees.

Despite the benefits that many large companies derive from a systematic compliance program, smaller companies often hesitate to establish such a program for three reasons:

  1. They may not have the expertise or know-how to set up a robust compliance program. They may not understand how it aligns with their corporate strategy, or what department (e.g. Sales, Legal, or Finance) a compliance team would fit into.
  2. They may not have the resources available to establish a compliance program comparable to the larger organizations.
  3. They may be concerned that establishing a compliance program may scare away customers, or damage their reputation.

Therefore, many businesses ultimately decide against pursuing a compliance program at all.

But there are good reasons to set up a compliance program, even for smaller businesses. For one, a compliance program can help you protect your IP-assets and investments. As a business, these assets are key to ensuring your business continues to thrive. Protecting them through a systematic program which verifies that appropriate IP protection mechanisms are in place will help you safeguard your revenue streams and protect shareholder value. This, in turn, can help you with your investor discussions about current and future funding rounds.

A comprehensive compliance program can also help level the playing field for your licensees to compete. Non-compliance can create distorted market conditions that benefit those who under-report and underpay on royalties or licensing fees. If your licensees cannot compete in the market because their competitors are consistently underpaying royalties, this will inevitably erode their competitive advantages. Some regions are more susceptible to compliance issues than others and you need to be active and keep in mind that the cost of inaction is always higher than the cost of action.

As for royalties, securing or recovering underpaid and unpaid royalties is perhaps the most important reason to establish a compliance program. Ensuring you are properly paid for your company’s hard work is paramount if you want to continue to grow.

Ultimately, we recommend establishing a compliance program if your annual licensing revenue surpasses 2 million dollars. At this threshold, the monetary impact of underpaid or unpaid royalties can have a significant impact on your company’s bottom line, and the investment in a compliance program will make sense from a strategic perspective.

Small and medium-sized businesses have a variety of options at their disposal when it comes to starting a program: from targeted email campaigns, remote (off-site audits), all the way to limited and full-scope audits.

Leveraging a partner that can advise on the best strategy and engagement models will help you set up a successful compliance program. If you’d like to learn more about how Connor can help you, contact us at info@connor-consulting.com.

In part 1 of this SAP blog series, we covered SAP’s older indirect use licensing model and some of its shortcomings. To recap, many customers were dissatisfied with SAP’s licensing model, complaining that indirect use was not clearly defined, and that this led to unfair licensing practices and enforcement. Pushed by these complaints, and the visibility around lawsuits involving Diageo and Ab InBev, SAP changed their indirect use licensing model in April of 2018 to the Digital Access Model (DAM).

So what’s new about the Digital Access Model, and did it ameliorate some of the issues with the previous model?

There are two major changes in the DAM. First, the new model focuses on measuring the use of the Digital Core. The new SAP digital core platforms have been updated from SAP ECC to include the SAP HANA in-memory database, SAP S/4HANA and S/4HANA Cloud. SAP also offered a definition of indirect use, grounding the definition in the use of the Digital Core:

“Indirect/Digital Access is when people or things use the Digital Core without directly logging into the system. It occurs when humans, any device or system, indirectly use the Digital Core via non-SAP intermediary software, such as a non-SAP frontend, a custom-solution, or any other third-party application. It also occurs when non-human devices, bots, automated systems, etc. use the Digital Core in any way.” (Source: SAP ERP Pricing for the Digital Age).

By basing indirect use on the Digital Core, customers now have a clearer understanding of the specific instances of indirect use that needs to be licensed. At the same time, SAP remains somewhat vague on how far indirect use extends using all-encompassing phrases such as “in any way” and “any other third-party application.” We’ll cover some potential ramifications of these terms in part 3, but in the meantime, try to grasp Digital Core use in your environment and how your SAM tools can be leveraged to measure such usage.

The second major change that the DAM made was to shift away from user-based licenses, to a document-based model. Instead of licensing the number of users using SAP systems, the DAM calculates licenses based on the number of documents created, regardless of who created them.

The DAM outlines nine (9) system-generated document types that are considered relevant for licensing. The 9 document types are:

  1. Sales Order 2. Invoice 3. Purchase Order 4. Service & Maintenance Document 5. Manufacturing Document 6. Quality Management Document 7. Time Management Document 8. Financial Document 9. Material Document

To count the necessary licenses, SAP multiplies the number of documents by a corresponding multiplier, 1.0 for document types 1 through 7, and 0.2 for types 8 and 9. For example, 10 sales orders would be calculated as:

10 Sales Orders * 1.0 (document multiplier) = 10 licenses,

whereas 10 Financial Documents would be calculated as:

10 Financial Documents * 0.2 (document multiplier) = 2 licenses.

Importantly, license calculations are based on the initial document created, rather than documents read, updated, or deleted.

To give a more concrete example, imagine a customer using a sales management application to store sales, purchase orders, and payment data. Payment data is automatically transferred to the ERP, resulting in the creation of accounting records stored in the SAP system. Since only the financial module is updated through the third-party application, SAP will charge for the total number of accounting documents created in the system and license them based on the “Financial Document” document type.

But let’s alter scenario a bit and imagine that sales orders are registered on a web platform and are ultimately stored in an ERP. In this scenario, the initial sales order generates an invoice order first, and then an accounting entry in SAP. In this scenario, because SAP’s licensing rules specify that only the originally created document is counted, the customer would not get charged for all documents created in SAP (i.e. the sales doc., invoice doc, or financial doc.), but only the original sales order document.

To sum up, the key takeaways are:

  1. Digital Access is based on usage of the Digital Core (S/4HANA).
  2. Digital Access licenses documents, rather than licensing users.

In other words: Digital Access-Digital Core-Document Based

Currently, SAP customers can choose to license their software by named user (the old model) or by the DAM. But how do you know which option is best, and more importantly, less costly for your organization? In part 3, we’ll point out some potential pitfalls of both licensing models to help you make an informed decision about which licensing model is best suited for your organization.

If you want to learn more about how SAP’s licensing models, and how to protect against SAP audits or prepare for an upcoming contract renewal, contact Connor at info@connor-consulting.com today.

Note: This is the first of a four-part blog series

Imagine yourself in this scenario: your company runs an online business that sells products and services to thousands of daily customers and tracks all transactions through an on-premise or cloud-based financial/ERP system. All of a sudden, your ERP software vendor comes to audit you and demands true-up license fees for every single one of your customers that have ever made a transaction through the system, on top of your usual user licensing requirements. Wouldn’t you be disgusted by those findings?

Unfortunately, this isn’t exactly a fictional story, and SAP has recently taken the spotlight in the software industry for similar practices related to indirect software usage. Indirect use, which refers to virtual software use by either humans or bots, is a widely known software asset management (SAM) issue, and it has had major consequences for companies licensing SAP products.

If you’re worried about your SAP licensing and want to prepare for a potential SAP audit or right-size for an upcoming contract renewal, then our 4-part Indirect Use Guide will ensure you are ready to make well-informed licensing decisions for your company. In this 4-part SAP audit defense blog series, we’ll walk you through a brief history of SAP’s indirect use licensing methods, the ins and outs their new and improved Digital Access Model (DAM), key considerations before making the switch to DAM, and a guide to completing an SAP license assessment in about 21 days.

Part 1: SAP Indirect Use Licensing – A Brief History

When SAP first started charging customers for indirect use, they required named-user licenses for everyone accessing the SAP system through third-party applications. This meant that sales representatives and business customers who carried out sales and order related activities through a web platform were also required to be licensed for SAP products. The problem with this model was that it was often unclear what was meant by indirect use and how far it extended, as external users could be making updates to SAP database tables through a non-SAP application. Without full transparency and a clear definition of the users that required a license through indirect use, companies had a hard time managing their SAP licensing.

Understandably, many companies were unhappy with this reporting structure, and several companies refusing to pay indirect use licensing fees were brought to court, most notably beverage companies Diageo and AB InBev in 2017. Both companies refused to pay their initial multimillion-dollar license fees related to indirect use, and SAP took legal action on them.

Diageo’s case revolved around their deployment of two systems using SAP’s ERP interface mySAP. The original agreement between SAP and Diageo was signed in early 2004, and the systems in question were deployed around 2011. Ultimately, a high court sided with SAP ruling that Diageo was liable to pay SAP for the additional 54.5 million Euro licensee fees related to indirect use by customers and other sales representatives. For the most part, this case was settled in public and gave a lot of visibility to SAP’s aggressive software audit practices.

However, AB InBev’s $600 million case was settled in private. According to CIO.com, this came down to the method of enforcement. By enforcing the license agreement through Commercial Arbitration, the court case was able to be handled in private behind closed doors. For this reason, we still do not know how much AB InBev paid SAP to settle the case, although we know that the case was resolved outside of court.

As a result of these lawsuits, and the subsequent backlash from other SAP customers, SAP announced an improved approach for indirect use in late 2017. Organizations could cover any indirect use triggered by the creation of sales and purchase orders in the SAP system by licensing two engines: Sales and Service Order Processing or Purchase Order Processing. In other words, an unlimited number of sales and purchase orders could be created by an unlimited number of users, as long as you licensed the above SAP applications. However, the new model was not helpful or cost-effective to all customers, and many ended up still having to license indirect use by purchasing named-user licenses.

The Switch to Digital Access

Due to these shortcomings, SAP introduced a new licensing model in 2018, known as the Digital Access Model (DAM). While DAM is still a newer licensing model, SAP has been pushing for its customers to make the switch. In part two of this series, we’ll cover how DAM works, and the main changes from the older indirect use licensing model.

Getting Started with Your Audit Defense Strategy

If you want to learn more about how to protect against SAP audits, our compliance and software advisory experts help you successfully prepare for difficult vendor audits and boost the effectiveness of your SAM programs.

To learn more about our SAM and Audit Defense offerings, contact Connor Consulting at info@connor-consulting.com today.

Software Asset Management (SAM) and Cloud Cost Management (CCM) continue to fall into key priorities for IT organizations across industries. With the proliferation of the cloud, SaaS vendors, as well as on-premises software vendors, the need to have better insight into software or service consumption and organizational value is paramount. A well designed and mature SAM program greatly reduces inaccurate licensing of software, uncovers overspend, and improves overall system and data security. According to Market Research Future (MRFR), the global SAM Market is expected to reach approximately USD 2.45 Billion by 2023, growing at a ~14.18% CAGR over the forecast period 2018-2023.

At Connor, we have been investing significant resources to provide top-notch advisory services that provide both an auditor’s lens, along with a practitioner’s point of view of effective license management and optimization. With unparalleled experience from thought leaders who have set up and led SAM departments for Fortune 100 companies, Connor helps mitigate IT supplier risks and realize material cost savings, both on-premise and in the cloud.

However, we acknowledge that providing expert services is not always enough to help the world’s top companies manage software and calibrate cloud usage.. In order to provide the best possible solutions to our customers, we have partnered with leading technology vendors to provide a holistic approach to SAM and CCM, including Flexera, Movere, Snow Software, Xensam and Zylo.

“We at Connor are fully committed to helping companies design, implement and manage highly efficient and impactful Software Asset Management programs,” said Rich Reyes, Executive Vice President of Connor’s Software Advisory Practice. “Our partnerships with today’s leading solution providers ensure our seasoned consultants are equipped with the best-of-breed tools to help enterprises tame IT spend, limit security and compliance risks, and increase ROI on technology investments.”

These alliances will provide our customers with unparalleled vendor licensing expertise and actionable data for better decision making and IT cost optimization.


About Connor

Connor is a leading independent audit and software advisory firm that specializes in contract and supply chain management, compliance, and license & cloud optimization.  Connor is a strategic advisor to industry leaders such as ARM, HDMI, Dolby, and many others.

If you would like to learn more about our services and how we can help you with your compliance or software asset management program, please contact us to explore the benefits for your organization:


+1 (415) 578-5002 or fill out an inquiry at http://www.connor-consulting.com/work

The on-premise approach to Information Technology (IT) and Software Asset Management (SAM) is continually being disrupted with ongoing digital transformation, IoT, and all things AI.  Traditional IT operating modes which rely on in-house applications and systems are being phased out in favor of multi-mode IT – a combination of on-premise assets and those hosted in the cloud.  Gone are the days of solely acquiring software and hardware from third parties, building data centers, and maintaining them through periodic asset refreshes; in their place, we will continue to see the emergence of public, private, and/or hybrid cloud environments.

As a result, companies have begun to discuss whether a switch to the cloud is necessary to gain ground on cross-industry giants like Amazon, and to stay relevant in a market which leaves behind companies that fail to innovate or go digital.  However, companies have to be wary of increased IT OPEX spend during migration to the cloud, and look out for retiring older equipment and software too early, as it may result in material impairments or write-offs.

The Solution Bias Dilemma

IT suppliers and vendors recognize these paradigm shifts as well, and are becoming increasingly opportunistic, often using cloud migration as a commercial lever to push their newer, and often more expensive, products and technologies.  For example, in what’s known as solution bias, IT vendors upsell their own cloud technologies during migration without giving much consideration to current usage or future needs.  At the same time, these vendors are adapting their license agreements and software counting rules for their own benefit, making it more cost-effective for customers to use their own cloud solutions.

In addition, IT suppliers are revisiting old unfavorable enterprise agreements which granted unlimited product usage, as they were written without the cloud in mind.  In the process, they are capitalizing on any contractual landmines or “gotchas,” such as site or hardware restrictions, to uncover one-time and ongoing license fees.

Currently, licensees who have already migrated to the cloud are often getting a “free pass” from vendors and auditors during a traditional software review.  Due to evolving supplier license models, rules, product metrics, as well as unpredictable customer behavior and patterns, IT suppliers have been excluding XaaS environments from the scope of their license assessments.  SAM tool agents and audits scripts are also not yet commonly installed in the public cloud, so there isn’t an easy or effective way to discover software deployments.  However, XaaS environments will likely soon become a standard part of inspections, unless customers acquire software licenses as a service (e.g., SQL through Azure) through a public cloud supplier.

Proper SAM and Cloud Governance is Critical

With all that being said, companies should not wait on the sidelines and observe how vendors or auditors begin to address software licensing in the cloud.  Without proper SAM, cloud governance and controls in place, the risk of software deployment proliferating is incredibly high due to the agile and scalable design of cloud environments.  Even companies with mature SAM disciplines are at risk, as they are not accounting for the layer of complexity that the public cloud adds to the SAM world.

In order to address these changes, companies must proactively inspect and uncover potential cloud licensing risks in vendor agreements before major migrations occur to help avoid significant license premiums and preserve their leverage over vendors.  Companies should re-evaluate, challenge, and enhance their “people, process, and technology” framework that was standard for on-premise SAM to account for the perils of cloud licensing.  Even when the supplier does not raise any issues, it’s leading practice to determine and assess potential licensing risks before launching into the cloud.  Once software licensing risks are identified, IT Executives can decide whether to assume them or develop a strategy to mitigate their negative impacts, potentially saving their companies millions of dollars and protecting technology innovation funds.

Next Steps to Modernize Your SAM Program for Cloud

Have your IT vendor contracts been evaluated for migration risks or does your CIO prefer to take a “leap of faith” into the cloud?!  To learn more about how you can best prepare for software licensing “gotchas” in the cloud, contact Connor Consulting at info@connor-consulting.com today.

In the meantime, check out this on-demand webinar to learn more about how Connor Consulting – in partnership with leading SAM technology vendors like Xensam – can help you take your SAM efforts to the next level.


About The Author

Rich Reyes is an Executive Vice President for the Global Software Advisory practice at Connor Consulting.  He brings 20 years of thought leadership around software licensing & compliance, technology asset management, and IT sourcing.  Rich has performed hundreds of software audits on behalf of major vendors, and he’s established and led an ITAM/SAM department for a Fortune 100 retailer.  He continues to advise companies on practical ways to mitigate IT supplier risks, reduce vendor total cost of ownership (TCO) and optimize software licensing environments.  Rich holds CISSP and CISA certifications and is a frequent speaker at industry events.