Now openThe whole vendor lifecycle in one workspace. Benchmarking, negotiations, contracts, invoices, renewals. Free 30 day trial, no card.Start the trial →
Now openThe whole vendor lifecycle in one workspace. Benchmarking, negotiations, contracts, invoices, renewals. Free 30 day trial, no card.Start the trial →
Engineer reviewing infrastructure monitoring dashboards on dual screens
IBM Practice

IBM ILMT deployment. The 2026 sub capacity guide.

ILMT is the gate to sub capacity pricing. Deployed wrong, it silently converts your estate to full capacity billing. Six steps done right.

Contact Us IBM Practice
500+Enterprise clients
$2B+Under advisory
Industry Recognized
500+ Enterprise Clients
$2B+ Under Advisory
11 Vendor Practices
100% Buyer Side Independent

ILMT decides whether IBM bills 16 cores or 200. This guide covers the six deployment steps, the four contractual requirements, and the quarterly cadence that keeps sub capacity eligibility alive.

Key takeaways

  • ILMT is the contractual gate to IBM sub capacity licensing; without it, full physical capacity billing applies.
  • Deploy within 90 days of the first eligible product and cover every eligible host, including VM managers.
  • The six step sequence: server build, agent rollout, VM manager connections, catalog classification, report validation, operational handover.
  • Stale catalogs inflated PVU counts 10 to 25 percent in our remediation engagements.
  • Hold agent coverage at 98 percent or better and treat gaps as incidents.
  • Software scans must land at least every 30 days and capacity scans every 30 minutes; scan gaps read as full capacity periods.
  • Only HCL BigFix Inventory and Flexera One with IBM Observability ITAM are accepted substitutes; manual counting ended May 1, 2023.
  • Audits test two years of quarterly report history, not the install date.

Why does ILMT decide what your IBM estate costs?

ILMT is the contractual gate to sub capacity licensing, and sub capacity is routinely the difference between paying for 16 cores and paying for 200. The IBM sub capacity terms require an eligible tool deployed, configured, and reporting; without it, full physical capacity applies.

That makes ILMT a financial control, not a SAM hygiene item. A single uncovered VMware cluster can swing seven figures of PVU exposure.

The math is blunt. A 200 core vSphere cluster at 70 PVUs per core counts as 14,000 PVUs at full capacity, while the same WebSphere workload pinned to 16 virtual cores licenses 1,120 PVUs under sub capacity. ILMT is the only evidence IBM accepts that the smaller number is real.

The four contractual requirements

  • Deploy within 90 days of the first eligible sub capacity product, per the Passport Advantage program rules.
  • Cover every eligible host, including virtualization managers, not just the VMs running IBM software.
  • Generate quarterly reports and retain them for two years.
  • Keep the catalog current so bundled and supporting components classify correctly.

Miss any one of the four and the discount has no contractual foundation. The old small estate escape hatch is also gone: IBM withdrew manual sub capacity counting as of May 1, 2023, per the sub capacity terms FAQ, so an approved tool is now the only path for almost every buyer.

What architecture does ILMT need before you install?

ILMT is a four part stack: a server application, a DB2 or SQL Server database, scanners on every eligible host, and a VM Manager Tool that reads your hypervisors. Clear the prerequisites before the project starts, because the slowest item is never the software.

Small and mid size estates should take the all in one installer, which deploys the ILMT server with a bundled DB2 database at no additional license charge. Larger or segmented estates run ILMT on the BigFix platform with agents carrying the scan schedules.

Isolated zones such as DMZ hosts and validated systems use the disconnected scanner, with results moved by file transfer.

The prerequisite checklist to clear before day one

  • A supported server platform. Linux or Windows Server for the ILMT application, sized against your endpoint count per the ILMT system requirements.
  • A database decision. Bundled DB2 at no charge or an existing SQL Server instance, each with backup and retention policies, because this database is your audit evidence.
  • Read only hypervisor credentials. vCenter and equivalent VM manager accounts are usually the longest lead time item, so file the security requests first.
  • Network paths. Agent to server ports opened across every zone in scope, explicitly including acquisitions and DMZ segments.
  • A named owner. Sub capacity eligibility is an operating duty; without an owner the stack decays within two quarters.

The buyer side point: the tool is free and the infrastructure is modest, but the eligibility it protects is routinely worth seven figures. Fund it accordingly.

How do you deploy ILMT correctly in 2026?

A correct deployment is a six step sequence: server build, agent rollout, VM manager connections, catalog classification, report validation, and operational handover. Most failed estates skipped step three or six. The ILMT documentation covers mechanics; the sequence below covers survival.

Steps one to three: infrastructure

  1. Build the ILMT server on a supported stack and size the database for your endpoint count.
  2. Roll out agents through your standard software distribution, with acquisition and DMZ estates explicitly in scope.
  3. Connect VM managers. vCenter and other hypervisor connections let ILMT see physical capacity; without them sub capacity math fails.

Steps four to six: data quality

  1. Classify the catalog. Confirm bundled components map to their parent entitlements instead of billing standalone.
  2. Validate the first quarterly report against a manual count on a sample of hosts.
  3. Hand over to operations with a named owner, a quarterly review meeting, and an agent coverage KPI.

Sequence beats speed. Estates that pass audits finished steps one to three inside the first month, then spent the remaining time on catalog quality and report validation; the 90 day window is a ceiling, not a target.

ILMT deployment failure modes and their cost

Failure modeTypical causeFinancial effect
Uncovered hostsAgent rollout skipped acquisitions or DMZFull capacity PVU on those hosts
Missing VM manager linkvCenter credentials never provisionedSub capacity calculation invalid
Stale catalogNo quarterly catalog updateBundled components billed standalone
Unreviewed reportsNo named ownerErrors compound across audit window

How does the 30 day scan rule break sub capacity eligibility?

IBM fixes the data cadence: capacity scans every 30 minutes, software scans at least once per 30 days, and a signed report at least once per quarter. The ILMT scan frequency documentation sets weekly software scans as the default and monthly as the minimum.

The mechanics matter because sub capacity bills on peak virtual capacity within the reporting period. A host with no valid scan for a stretch cannot prove what it consumed, and IBM's default audit position is to price unproven periods at full physical capacity.

The same logic applies at deployment. The 90 day install window starts at the first eligible product deployment, not at the SAM team's convenience, and a late install leaves a permanently uncovered period that resurfaces in the audit data request two years later.

IBM minimum data cadence for sub capacity eligibility

Data feedDefaultMinimum allowedIf it lapses
Capacity scanEvery 30 minutesEvery 30 minutesCapacity peaks unproven
Software scanWeeklyOnce per 30 daysGap period priced at full capacity
VM manager collectionEvery 12 hours in central modeConnection kept livePhysical capacity invisible; eligibility fails
Audit reportQuarterlyQuarterly, signed, retained two yearsNo defensible history at audit
ILMT versionCurrent releasePrompt upgrade per Passport AdvantageIBM can challenge tool validity

The buyer side control is simple: alert when any eligible host's software scan age passes 21 days. That leaves a week of margin before the data becomes a gap an auditor can price.

Which ILMT deployment failures are most common?

Three failures dominate: agent gaps on edge estates, stale catalogs, and reports nobody reviews. In 18 of the 25 remediation projects behind this guide, the tool was installed and running; the operations around it had failed.

Failure modes ranked by how often we see them

  1. Agent gaps at the edges. Acquisitions, DMZ hosts, and validated systems fall outside the standard distribution job, and every uncovered eligible host defaults to full capacity.
  2. Stale software catalogs. Catalogs more than a quarter old misclassify bundled components; in our remediations this inflated PVU counts 10 to 25 percent.
  3. Unreviewed reports. Reports generate on schedule and nobody signs them, so classification errors compound across the two year audit window.
  4. Broken VM manager connections. A vCenter migration or credential rotation silently severs the link, and sub capacity math fails from that day forward.
  5. Aged ILMT versions. Passport Advantage expects prompt upgrades; running versions that are years old hands IBM an argument that the tooling was invalid.

The pattern is consistent: deployments fail after go live, not during it. Fund the operating cadence like a financial control, because that is what it is.

How do you validate scans and reports before sign off?

Validation is a four step runbook: check scan health, reconcile coverage, sample audit the report, then sign and archive the same day. Run it quarterly at minimum, monthly in volatile estates.

  1. Check scan health. Zero eligible hosts with software scans older than 30 days, an unbroken capacity scan feed, and green VM manager connections.
  2. Reconcile coverage. Compare the ILMT computer list against CMDB and hypervisor inventories, hold the 98 percent floor, and open incidents for gaps.
  3. Sample audit the numbers. Take a handful of high PVU hosts and manually verify cores, product mapping, and bundling against the report line items.
  4. Sign and archive. The named owner signs, the report snapshot exports, and the archive holds a rolling two years that an audit response team can produce within days.

Classification deserves its own pass. Review every newly discovered component and confirm bundled products map to their parent entitlements, because this is where the 10 to 25 percent PVU inflation hides.

How do you keep ILMT audit ready after go live?

Audit readiness is a quarterly cadence, not a deployment artifact. The estates that pass audits without drama review the report, the coverage KPI, and the catalog version every quarter, and they archive the signed report the same day.

Treat agent coverage below 98 percent as an incident. Every uncovered eligible host is a full capacity claim waiting for an audit letter.

The quarterly audit readiness checklist

  • Report signed and archived within the quarter, with the rolling two year history intact.
  • Coverage KPI at 98 percent or better, reconciled against CMDB and hypervisor inventories.
  • Catalog updated this quarter and newly discovered components classified.
  • VM manager connections verified green after any vCenter change or credential rotation.
  • Scan age clean: no eligible host past 30 days since its last software scan.
  • ILMT version current, or an upgrade scheduled inside the quarter.

Which evidence the auditors actually request

Expect requests for the quarterly report archive, agent coverage proof, and catalog versions, mapped against the ILMT configuration documentation. The report history is the exhibit; the install is assumed.

Where the common advice on ILMT is wrong

The standard advice is that deploying ILMT is the finish line, and many SAM teams celebrate at go live. We disagree. In roughly 18 of the 25 ILMT remediation projects Morten Andersen ran in 2024 to 2025, the tool was installed and technically working; what failed was operations. Catalogs aged, acquisitions never entered scope, and reports sat ungenerated for quarters, which voided sub capacity eligibility exactly as if the tool were absent. The buyer side move is to fund the quarterly operating cadence with the same seriousness as the deployment project, because IBM audits test the report history, not the install date.

Rows of servers in an enterprise data center aisle
ILMT must see the physical capacity under every virtualized IBM workload; the VM manager connection is the step most deployments miss.
25
ILMT projects led 2024 to 2025
98%
Minimum agent coverage we hold estates to
10 to 25%
PVU inflation from stale catalogs

Source: Redress Compliance advisory engagement file, 2024 to 2025.

IBM does not audit whether you installed ILMT. It audits whether ILMT was telling the truth every quarter for the last two years.

Which alternatives to ILMT does IBM accept?

IBM accepts exactly two third party tools for sub capacity in 2026: HCL BigFix Inventory and Flexera One with IBM Observability IT Asset Management, per the sub capacity licensing terms. Anything else, including general SAM suites, leaves the estate at full capacity.

Two qualifiers matter. ILMT Lite with the disconnected scanner is pre approved when fewer than 5,000 VMs or LPARs are in scope of virtualization capacity. And containerized IBM software under Container Licensing uses the IBM License Service instead, with its own snapshot retention duties.

Tool or path2026 statusBest fitWatch out
ILMTDefault, no chargeMost estatesNeeds a funded quarterly cadence
HCL BigFix InventoryApprovedEstates already on BigFixCommercial license; identical reporting duties
Flexera One with IBM Observability ITAMApprovedFlexera ITAM shopsConfiguration must match IBM counting rules
ILMT Lite with disconnected scannerPre approved under 5,000 VMs or LPARsSmall or isolated estatesManual package movement invites scan gaps
Manual countingRetired May 1, 2023NoneFull capacity applies without a tool
IBM License ServiceRequired for container licensingOpenShift and Kubernetes workloadsSeparate from ILMT; retain snapshots

The buyer side rule: changing tools never changes obligations. The 90 day window, the scan cadence, and the quarterly signed report apply identically to every approved path, so pick the tool your operations team will actually run.

What to do next

  1. Inventory every host running PVU or VPC licensed IBM software, including acquisitions.
  2. Verify agent coverage against that inventory and treat gaps as incidents.
  3. Confirm VM manager connections exist for every hypervisor platform in scope.
  4. Update the software catalog and reclassify bundled components.
  5. Generate and validate this quarter's report against a manual sample.
  6. Name a report owner and put the quarterly review on the calendar.
  7. Archive two years of signed reports where an audit response team can find them.

Pair this guide with the ILMT sub capacity guide, the wider IBM knowledge hub, or an estate review with the IBM advisory practice.

Frequently asked questions

Is ILMT required for IBM sub capacity licensing?

Yes, with narrow exceptions for very small estates and approved alternative tools. The sub capacity terms require an eligible tool deployed, configured, and generating retained quarterly reports; otherwise full capacity applies.

How quickly must ILMT be deployed?

Within 90 days of deploying your first sub capacity eligible product under Passport Advantage. Late deployment risks full capacity assessment for the uncovered period.

Why does ILMT need a VM manager connection?

Because sub capacity math compares virtual cores to physical capacity. Without vCenter or equivalent hypervisor visibility, ILMT cannot see physical capacity and the calculation, and your eligibility, fails.

How often should ILMT reports be generated and reviewed?

Quarterly at minimum, with two years of reports retained. Generate, validate against a host sample, have the named owner sign off, and archive the same day.

What agent coverage level is acceptable?

We hold estates to 98 percent or better of eligible hosts. Every uncovered host is exposed to full capacity billing, so coverage gaps are incidents, not backlog items.

What happens if ILMT was deployed late or not at all?

IBM can price the uncovered period at full physical capacity, counting all physical cores instead of assigned virtual cores. The starting audit position is full capacity back billing plus support, which is negotiable but expensive leverage to concede.

Can I use Flexera or BigFix Inventory instead of ILMT?

Yes. IBM accepts HCL BigFix Inventory and Flexera One with IBM Observability IT Asset Management as approved sub capacity tools. The 90 day deadline, scan cadence, and quarterly signed report duties apply identically.

How much does ILMT cost?

The tool itself is no charge for Passport Advantage customers, and the bundled DB2 database is free for ILMT use. Budget for modest server infrastructure and a slice of an operations role; the real cost is discipline, not licensing.

What is the 30 day scan rule?

IBM's minimum software scan frequency is once per 30 days, with capacity scans every 30 minutes. A host whose last software scan is older than 30 days is a data gap that auditors can price at full capacity.

Can small environments avoid a full ILMT deployment?

Partially. ILMT Lite with the disconnected scanner is pre approved when fewer than 5,000 VMs or LPARs are in scope, but the manual counting exception for small estates ended May 1, 2023.

IBM Audit Defense Checklist

The full ibm audit defense checklist from the IBM Practice.

The ILMT coverage checklist, report validation method, and the audit response sequence for estates that need sub capacity to hold.

Used across more than five hundred enterprise engagements. Independent. Buyer side. Built for procurement leaders running the next renewal cycle.

Get the white paper →
Opens the white paper landing page. We only email you about this download.
Run the software spend health check against your IBM estate in under five minutes.
Open the Tool →