VMware audit and compliance under Broadcom.

The move to subscription has made VMware compliance a live exposure rather than a dormant one. The Admodum read on why Broadcom enforcement has sharpened, what a licence review checks and the steps to a defensible position.

Cluster: Broadcom / VMware
Read: 9 minutes
Author: Marcus T. Bennett
Published: June 2026
Updated: June 2026

Section i

Why compliance is now a live exposure.

Under the old perpetual model, a VMware deployment that had fallen out of support could continue running indefinitely without being out of compliance — the licence was owned. Under Broadcom's subscription model that is no longer true: a subscription is a time-limited right to use, so a deployment whose subscription has lapsed but which remains in production is now a compliance gap. This single change has turned VMware compliance from a dormant concern into a live exposure. Admodum is an independent, buyer-side software licensing advisory, and this page sets out the new audit landscape and how to hold a defensible position.

The context is set out in the pillar on the post-acquisition model and on the licence-side change at the end of VMware perpetual licences. This page is the companion that deals with enforcement: what a review checks, where exposure arises, and what to do before and during one. It sits beneath the pillar, VMware exit and renegotiation strategy.

Section ii

What a VMware review actually checks.

A VMware licence review is, at its core, a reconciliation of deployed cores against subscribed entitlement. Three questions sit at the centre of it, and understanding them ahead of time removes most of the uncertainty.

First, how many physical cores sit on the hosts running VMware software, because the per-core subscription model — with its sixteen-core-per-processor minimum, explained at the 16-core-per-CPU subscription minimum — counts cores, not virtual machines or sockets. Second, which products and editions are actually installed against those that are licensed, because deploying a component of a bundle the organisation has not subscribed to is a gap. Third, whether any deployment continues to run without a current subscription. The reconciliation is mechanical, which is its strength for the prepared buyer: an organisation that knows its own core count and product map can verify the vendor's figures rather than accept them.

Under the per-core model the audit question is simple: is every core in use covered by a current subscription. The buyer who can answer that first controls the review.

Section iii

Where the exposure arises.

Most VMware compliance gaps under Broadcom come from a small number of recurring situations, and naming them allows them to be checked deliberately rather than discovered in a review.

The largest is the lapsed-but-running deployment: software that was supported under a perpetual licence, whose support and subscription have since expired, but which remains in production. Under the new model that continued use is a gap, and it is common precisely because it was acceptable before. The second is exceeding the subscribed core count, which most often happens after a hardware change — new or denser hosts add cores that the subscription was not sized for. The third is edition or product drift, where a feature or component outside the subscribed bundle has been enabled, often by an engineer solving a technical problem without visibility of the licensing consequence. The fourth, which arises particularly during a transition, is parallel-running old and new environments without keeping subscription coverage aligned to what is actually in use. Each of these is addressable in advance with an accurate inventory, and none of them is the kind of deliberate over-deployment the word "compliance gap" tends to suggest — they are the ordinary by-products of an estate that changes faster than its paperwork, which is precisely why a current inventory, rather than an annual one, is the control that matters.

Section iv

What a finding actually means.

A compliance finding presented in a review is an opening position, not a settled liability, and treating it as the latter is how buyers overpay. The figure that arrives first is calculated on the vendor's reading of the data, often at list price and on the broadest interpretation of what is in use, and it is the starting point of a negotiation rather than its conclusion.

Three things temper a finding in practice. The first is the accuracy of the underlying data: vendor tooling and self-declared inventories both contain errors, and a core count or product map the buyer cannot independently confirm should not be accepted. The second is the commercial frame: a finding settled at list price is far more expensive than the same gap resolved as part of a forward-looking subscription at a negotiated rate, which is why a finding and a renewal are best handled on separate tracks rather than allowed to merge. The third is timing: a buyer who addresses a genuine gap on its own schedule, having verified the numbers, is in a stronger position than one resolving it under the pressure of a deadline the vendor has set. None of this is about avoiding a legitimate obligation; it is about ensuring the obligation is measured correctly and settled on fair terms.

Section v

Holding a defensible position.

A defensible compliance position is built before any review begins, and it rests on the same discipline whether or not a review is ever opened. Six steps make the difference.

Maintain an accurate, current inventory of hosts, physical cores and installed products, reconciled against entitlement, so the organisation always knows its position. Establish a single point of contact for any vendor enquiry, so the review runs through one controlled channel rather than several. Provide only the data the contract actually requires, neither volunteering more nor obstructing legitimate requests. Verify the vendor's findings independently, because the first compliance figure presented is an opening position, not a settled fact. Address any genuine gap on the buyer's terms and timeline rather than under pressure. And keep the audit conversation separate from any renewal or migration discussion, so a compliance finding is not used as leverage on price. The renewal interplay is set out at the VMware renewal negotiation playbook, and the contract clauses that govern mid-term growth and exposure at VMware co-term and true-forward mechanics. The wider engagement sits at the Broadcom / VMware practice, the aggregated reading at the Broadcom knowledge hub and the cluster index at the Broadcom and VMware hub; an audit moment routes to Audit Defence and engagement opens at contact.

Common questions

VMware audit and compliance questions.

Does Broadcom audit VMware customers?

Yes. Broadcom retains the contractual right to verify VMware deployment against entitlement, and the move to subscription has sharpened the focus on compliance because every core in use must now carry a current subscription. Organisations that continued running perpetual deployments after support lapsed, or that exceed their subscribed core count, are the most exposed.

What does a VMware audit check?

A VMware review reconciles deployed cores against subscribed entitlement: the number of physical cores on hosts running VMware software, the products and editions actually installed against those licensed, and whether any deployment continues without a current subscription. Under the per-core model the central question is whether every core in use is covered.

What is the biggest VMware compliance risk under Broadcom?

The largest risk is running deployments whose support and subscription have lapsed but which remain in production, because the perpetual-to-subscription shift means continued use without a current subscription is now a compliance gap rather than a supported steady state. Exceeding the subscribed core count after hardware changes is the second most common exposure.

How should I prepare for a VMware audit?

Maintain an accurate, current inventory of hosts, physical cores and installed products reconciled against entitlement, so the organisation knows its position before any review begins. Establish a single point of contact, provide only the data contractually required, and verify the vendor's findings independently rather than accepting the first compliance figure presented.

Can a migration off VMware trigger an audit?

A migration does not automatically trigger a review, but the transition period carries elevated compliance exposure because the estate is changing and old and new environments may run in parallel. Decommissioning VMware deployments cleanly, and keeping subscription coverage aligned to what remains in use during the cutover, contains that exposure.

Independence
Admodum is not a partner, reseller, or affiliate of Broadcom, VMware, or any other software vendor. No reseller margin, no referral commission, no audit-subcontract relationship.