IBM Security Guardium

SKLM Licensing Summary

By Rick Robinson posted Fri June 21, 2019 06:43 PM



In the fall of 2018, IBM updated its licensing model for Security Key Lifecycle Manager (SKLM)

Historically, SKLM required customers to purchase two specific kinds of licenses:  1) a license to use the software (SKLM Basic Edition) and 2) an attachment license/entitlement that allowed customer to attach storage to SKLM.  This worked somewhat like purchasing a razor blade handle plus razor blades.

For the attachment license/entitlement, SKLM historically used a device-based approach.  However, this approach resulted in an ever-growing list of SKLM part numbers as new storage technologies were introduced (i.e. tape systems, flash systems, disk systems, software-defined storage, etc.).

In addition, with such as large and growing list of part numbers, price inconsistencies began to emerge where the unit cost of SKLM for one kind of storage was notably different than another kind of storage.  Furthermore, with device-specific part numbers, customer could not use their older device entitlements with new storage technologies (i.e. tape drive entitlements could not be used for licensing SKLM with flash storage systems) and, therefore, customers would have to purchase and entirely new set of entitlements for each new kind of storage they purchased.  In then end this was confusing rigid, and expensive for customers.

Capacity-based Licensing

In an effort to simplify SKLM fulfillment, SKLM part numbers for device-based entitlements were sunset and replaced with new capacity-based SKLM entitlements.  Capacity is a common metric across all kinds of storage. This approach also allowed customers to transfer use of their SKLM entitlements as they introduced new kinds of storage technologies.

The predominant new attachment license/entitlement is SKLM for RAW Terabyte Storage RVUs.  This entitlement uses the capacity of the storage environment as a common factor in determining the SKLM attachment licenses required for that environment.

However, capacities of storage capacities can range from single terabytes to many petabytes. As such, a single measurement (terabytes) was not an effective metric for such as large range of capacity.  Therefore, in an effort to reduce the SKLM licensing cost of large-size storage deployments, two additional factors were introduced with the new licensing.

The first factor added to the new licensing was the use of an automatic resource-value-unit (RVU) discount.  RVUs are a licensing method that create a built-in discount for large capacity purchases.  For example, it requires 1 RVU to license 1 TB of storage, but only 40 RVU to properly license 50 TB of storage.  The actual metric of the new licenses is that of RVUs, but the RVUs are calculated using the raw terabytes of capacity of the storage environment.  The discounting of the RVU mechanism introduces greater discounts for greater capacities of storage that need to be licensed.

However, even with RVU discounting, a second factor needed to be adopted for very large storage environments where storage capacity might be greater than 0.5 petabytes (PB).  To economically license these large environments, IBM offers SKLM for RAW Petabyte Storage RVUs.  These PB-based entitlements allow customers to license SKLM for very large deployments but comes with a constraint that they cannot be purchased in quantities less than one. 


When the new SKLM attachment license parts were introduced, all active S&S quantities for the older device-based attachment license/entitlements were migrated to the S&S part number for SKLM for RAW Terabyte Storage RVUs.  This was done so that S&S could be renewed using an active and current part number.  The migration ratios varied depending on the technology of entitlement that was migrated, but in the end, customers should have sufficient S&S coverage (E-part numbers) for the entitlements (D-parts) at the time of the migration.


Lastly, storage systems can be based on hardware capacities, software-defined capacities, or event capacities that are the outcome of RAID configurations.  These variations in the actual usable storage can result in the question of whether SKLM is licensed on the hardware capacity (called the RAW capacity - which may or may not be known) or the amount of storage that is only available (which is called the USABLE capacity).

SKLM can be licensed based on either RAW capacity (if that is known) or USABLE capacity (which is normally the case in software-defined storage or some RAID configurations).  Customers can use either method based their particular situation. 


In summary, SKLM has reduced the number of types of SKLM attachment license/entitlement for properly licensing SKLM with different types of storage.  Although some exceptions exist, the following entitlements are the primary attachment entitlements that are available:

  • RAW Terabyte or Petabyte Storage Capacity
  • USABLE Petabyte or Petabyte Storage Capacity

In the end, the new licensing model is more flexible, more consistent across different storage technologies, addresses usable verses raw capacities, and scales across a wider range of storage deployments.

If you have questions, please feel free to read the RFA announcement or reach out to your IBM Sales Representative.

#Encryption and Key Management