Virtualisation's complex licensing is a 'ticking timebomb', claims study

Software licensing under virtualisation remains complex and many firms may have a significant shortfall in compliance, warns License Dashboard

Software licensing under virtualisation remains a grey area and many organisations are likely to have a significant shortfall in their software licensing compliance making them particularly vulnerable in a software audit, warned a licensing management service provider, License Dashboard.

A study it conducted among UK organisations in December 2012 revealed that nearly all respondents (97%) had virtualised their servers and more than half (58%) said they used dynamic provisioning – a flexible approach where virtual machines (VMs) are deployed from a centralised administrative console by any central IT administrator.

Using dynamic provisioning (such as VMware’s Distributed Resources Scheduler - DRS) has the potential to increase an organisation’s server licensing requirements by up to 500% at the click of a button, warned License Dashboard.

Virtualisation’s software licensing becomes much more complicated once technologies such as DRS are factored in, said Matt Fisher, License Dashboard’s director.

DRS, which dynamically allocates IT resources to the highest priority applications, has proved popular for the significant operational efficiencies it brings – for instance, 67% of License Dashboard’s own customers use it.

“However, DRS can also lead to a significant shortfall in an organisation’s licensing compliance, since an application has the potential to be used on every virtual machine if the need arises,” Matt Fisher said.

With current device-centric licences, this will often require the organisation to license every application on every virtual machine based on the potential that the application could run on it during peak times, unless significant rules are put in place governing the use and deployment of licences in virtual environments, he warned.

Under virtualisation, organisations operate many instances of a software program on a single physical machine. With the traditional device-centric software licences such as Microsoft Office and Windows licences, the organisation is required to license each virtual machine separately. While many suppliers have added user-centric elements to their licensing terms, since the licence remains at its core a device one, licensing under virtualisation remains a “grey area”, he said.

License Dashboard’s study also revealed that while a wide majority (87%) of respondents said that they have factored virtualisation into their software asset management (SAM) strategy, only 42% use a dedicated licensing solution for the task.

It also found that as many as 39% of respondents admitted to using an IT asset management (ITAM) or procurement system to track licences, which is often too simplistic in its licensing analysis to factor in the implications of virtualised environments, said Fisher.

“DRS has the potential to increase an organisation’s server licensing requirements by up to 500%. This is not only a significant additional licensing cost for the organisation to bear, but, if left unchecked, exposes the organisation to a hefty fine for non-compliance when it is next audited,” he said.

The company claimed that 67% of its customers had at least one software audit in 2012 (and 16% had three or more), reflecting the growing trend of supplier-led software audits.

A recent IDC research named Microsoft as the most prolific auditor. “This is a very real risk indeed that every organisation running a virtualised IT estate should be aware of,” it said.

According to the Business Software Alliance (BSA), 90% of all audit letters sent in 2012 were the result of tips from whistle-blowers which should act as a wake-up call to CIOs.

“If you are a company director and you are actively aware of [software licensing] problems in the business, then you are personally liable,” said analyst Clive Longbottom. 

“DRS has the potential to be a ticking timebomb for many organisations, so we urge them to review how their software is deployed in virtualised environments or risk facing significant fines in 2013,” said Fisher.

Read more on Virtualisation management strategy