License management

Overview

The IBM® License Metric Tool (ILMT) is an application that is provided by IBM to audit licensed products to ensure that licensed software is being used appropriately. Any IBM Verify Identity Governance deployment that is used in a production environment must be licensed. To assist customers, the following information demonstrates how licensing information can be collected for IBM Verify Identity Governance - Container deployments by using the Kubernetes infrastructure.

Deploying the ILMT operator

The IBM License Metric Tool container can be deployed by using a Kubernetes Operator that is maintained by IBM. This operator is available at https://github.com/IBM/ibm-licensing-operator

The IBM License Metric Tool team provides a guide to deploy the operator that uses the Kubernetes cli tool (https://github.com/IBM/ibm-licensing-operator/blob/master/docs/Content/Install_from_scratch.md).

After the license service container is running, you can deploy the IBM Verify Identity Governance - Container and verify that license audit information is being recorded.

Verifying the license server metrics

The Rest API of the license service container must be queried to verify that the container is able to collect the correct license audit data. Detailed information about the API can be found here: https://github.com/IBM/ibm-licensing-operator/blob/master/docs/Content/Retrieving_data.md

Enhanced integration with ILMT

IBM Verify Identity Governance - Container uses the IBM License Service to collect details about the IBM products currently running and the licenses being consumed.

By default, the IBM Verify Identity Governance - Container collects Processor Value Unit (PVU) metrics as per the requirements of the IBM License Metrics Tool (ILMT).

During installation of IBM Verify Identity Governance - Container, the configure.sh script prompts the user to choose the type of license (PVU or UVU). Default choice is PVU and it is updated based on the user choice during the installation.

The general → install section of config.yaml file contains parameters required for the license management. See the config.yaml reference topic for detailed information about these parameters.

For using UVU, IBM Verify Identity Governance - Container needs to self-report the number of UVU to IBM License Service.

Classifying users for license calculation

The Users for the purposes of license calculation are the sum of all Internal Users, External Users, and Infrequent Users.

• An Internal User is a unique person that is given access to the Program or whose access is managed by the Program and is an employee of the Licensee or a contractor performing work on behalf of the Licensee. Each Internal User equals one User for the purpose of calculating User Value Units.
• An External User is a unique person that is given access to the Program or whose access is managed by the Program and is not an employee of the Licensee or a contractor performing work on behalf of the Licensee. A ratio of fifteen External Users equals one User for the purpose of calculating User Value Units.
• An Infrequent Internal User is an Internal User who accesses the Program or whose access is managed by the Program less than five times a year. A ratio of fifteen Infrequent Internal Users equals one User for the purpose of calculating User Value Units.
  Important: By default, all users are considered to be Internal. The IBM Verify Identity Governance - Container license currently does not support Infrequent Internal User. The UVU calculation is only based on number of internal and non-internal users.

The total number of users is taken into consideration to calculate the required number of UVU licenses.

The customers can use enRole.properties file to specify what constitutes an External User. To define External Users, they can specify either a list of objectclasses, or an attribute=value pair. If both are specified, only the objectclass value is used.