License Audits…Enforcing Ethics

Ethics.  In the consulting business, the perception of your level of ethics can break you.  I haven’t seen a lot people gain work because of their perceived ethics, but I have seen several lose work.  We all like to assume that the person across the table, phone, or email will act in a fair and ethical manner.  The more “real” the social interaction, the stronger the assumption.

Well, recently it appears EMC has been checking on the usage of Documentum in some clients.  Specifically, they have been conducting audits to check that licensing agreements are being followed.  This revelation just screams for comment on the event and the underlying culture.

Enter the Auditor

Alan Pelz-Sharpe of CMS Watch observed that EMC, and their auditors KPMG, are starting to check the licensing agreements of some of their customers in the U.S.  He points out two important facts:

  1. It is within a vendor’s right to conduct the audits.
  2. Customers generally don’t like it.

Audits are time consuming for an organization, regardless of the outcome.  It also sounds like in this case that EMC/KPMG is pushing some of the burden on the clients by not sharing what licenses EMC thinks that the organization should possess up-front. Alan gives some sound advice for dealing with the situation that should be followed in all vendor audits.

Alan expects that with the recession, audits may become more frequent.  I would agree, especially considering the anecdotal story of a six figure gross from an audit.  If a vendor can make a six figure profit, plus the increased maintenance fees, after paying audit costs, then they will keep conducting audits until they run out of people to audit.

One lesson learned, always keep copies of what has been licensed readily available so that anyone, present and future, can readily find it.

The Ethical Line

Okay, so we have the lesson to always know what you have licensed.  The other, stick to it.  I’m sure that many “violations” have been from people not understanding what they have licensed.  Many organizations, when faced with a licensing limitation, do try to remedy the situation.

This is where you, the professional, comes into play.  As a consultant, I have been brought into many clients where they did not know exactly what they had licensed.  Usually it was quite simple to find out.  Usually a call to the account representative by the customer clears it up.  Documentum customers can just log into the Download Center to see what the system thinks is licensed.

I always check when I can.  If I see a situation that requires more licenses than are currently in use, I double-check with the client, and if they aren’t sure, encourage them to check with the vendor.  What if a client pushes back?  What if you know that they are in violation of their license agreement and they choose not to do anything?  This is a tough ethical quandary that I would pass to the lawyers.  I haven’t dealt with this before so I can’t say exactly what I would do in that situation.  The only thing I know for certain is that I would not be doing work with them again.

Another common scenario is trying out a new component in a Proof-of-Concept.  This could be run in a development environment or in a stand-alone system.  As an partner with a few vendors, I have access to lots of installation packages.  They are for my company’s use in learning and evaluating the software. They are also used to show new and existing clients the capabilities of the different products.

Over the years, I have seen organizations tempted to take evaluation installations and use them for production.  This is another fun ethical dilemma.  This one is a little simpler, if only because it is more familiar.  Usually once the acquisition process is under way, and I check with the vendor and the client, I usually proceed in Development, but no further.  I have had situations where either the vendor or the client (Yes! The Client!) have said to wait until the acquisition process has completed.  This usually leads me to work on some other project while the software is acquired.

A Problem?

If a vendor can make a profit by conducting license audits, then there is a problem in the customer community.  For most of Documentum’s products, there is no license key or enforcement on the server.  I can take a standard Content Server installer and create a massive set of environments.  There is nothing to stop me, aside from ethics and trust.

eRoom, on the other hand, strictly enforces the user licenses.  When you install the software, you install a license key to turn the installation from a 30-day trial into an installation for X named users.  When a user logs into the system, they claim a license until they are all gone.  When you run out, you can take them from old users by inactivating them or by getting a new key from EMC.

I’ve worked with both products, and the former is easier to work with by far.  If customers take advantage of this, and abuse it, then things will change and things will become much more difficult to develop and evaluate solutions.

Everyone loses in that situation.

5 thoughts on “License Audits…Enforcing Ethics

  1. Anonymous says:

    I have been through the EMC audit with some of my customers. Frankly, it is a revenue grab that is an attack on it’s customer base. It is going to change how we look at licenses and add-ons.

    Let me give you some examples.

    How are you licensed for dev, test, staging and coop? Not sure? Did you get an oral ok from the sales rep? Well those days are over. Get these environments included in your production licenses, get it in writing, or don’t buy.

    Seat licenses for the IT department might cover you for your non-production environments, but what about CPU based modules such as TCS or BPM?

    Don’t think for a second EMC will treat you the same as anyone else. Just as one customer was getting hassled for licenses on cold COOP another was getting all environments included in the cost of production.

    Finally, don’t cave to the pressure. This is like the rule about not negotiating with terrorists. If the audits pay, you will only see more of them. Review all your licenses and abandon anything you won’t be using. Don’t be afraid to take a hard look at who is using their seats and who is not. It might be better to deactivate users who are not using the system. It may also be an option to look at reconfiguring hardware.

    The ironic part is that there is probably more EMC shelfware out there than license abusers. Find out what you need and stop paying maintenance on what you are not using.


    • Great comments. The part about the Dev/Test/Coop is troubling. I used to always ask, but got out of the habit after always hearing the same answer.

      The issue about having CPU and user models mixed is a solid point. It can be confusing. Another thing to remember is this…

      1 CPU = 1 dual-core CPU

      A quad-core is licensed as 2 CPUs. This is not just EMC, but includes other CPU licenses that I have run across in the last 2 years.



  2. Anon says:

    I have a customer who is undergoing an audit right now. The client is on a VM’s. Each VM is allocated 2 CPUs, but the physical host contains close to 30 CPUs. When I asked the EMC rep why he and the auditors wanted the physical CPU count, he said “Everything is taken into consideration”. Why can’t he give a straight answer? Cause it varies. The customer told me today, they are ready to drop the product all together if EMC gets nasty. So sad!

    This customer purchased in various rounds, 1 round was about 10 years ago and another one about 8 years ago. In both rounds, they were told that DEV is OK. No one on either side can find “signed” documents that state that fact, so EMC is producing generic documents from their website that do state DEV/Test/UAT, etc are NOT included in PROD. The signed documents that exist, have no references to their website. Not sure what will become of this. I will try to update you all after this all shakes out. Lesson learned. GET IT IN WRITING!

    They also seem to be auditing companies that have many years into it. Why? Because they know the players who were around on both sides (EMC and client) likely are not around now. So, less documentation and less argument as to what any agreements were. Its very possible that both sides can’t find the signed contracts, which is the case with this customer.

    They are looking into Alfresca as I write this! This customer has plans to expand in other departments, but EMC’s greed is likely going to force them to lose all the business, rather then get more over the years. EMC may think this customer is “in-bed” too much to drop it, but they aren’t. Most of the usage is fairly out-of-box and the customizations that do exist, could be re-written or re-done in another product.


Comments are closed.