BigFix 101- Server Pricing

BigFix 101- Server Pricing

Licensing in a Nutshell BigFix is included with AIX Enterprise Edition (AIX EE). If you have AIX EE on a system, all the cores on that system are covered and any LPAR running on that system is included in the BigFix license (whether they are AIX or Linux LPARs). If there is a system without AIX EE, you must purchase a BigFix license for that system. BigFix is licensed either by cores managed, or by Operating System (OS) instances managed. That is, you can either license all the cores on a system, or all the OS instances on a system whichever is cheaper. There is a slide in this deck that has a sample comparison. Furthermore, there is a sliding price basically volume based pricing. If you have a large data center, and want to cover thousands of cores, the first bunch are at one price, the next bunch at a reduced price, etc. For pricing, you should contact your business partner or IBM software sales rep. 2 IBM Security

Before you begin Licenses Models Client 1:1 relationship. Applies to all laptop and desktop devices Managed Virtual Server 1:1 relationship. Applies to operating system instance Resource Value Unit 1:Many relationship. Applies to the physical host in a virtual environment Dedicated or Physical Server A server that is used with a single operating system and does not share resources outside of that operating system and running applications. Virtual Server A server that shares computer resources with other virtual servers. In this context, the virtual part simply means that it is not a dedicated server-- that is, the entire computer is not dedicated to running the server software.(webopedia) Host Server A physical server that runs an operating system that allows the sharing of the physical resources to virtual instances of other servers running on top of the host system. Operating System For use in this document, an instance of a commercially available operating system like Windows Server 2012 or Red Hat Enterprise Linux running on either dedicate or virtual hardware. 3 IBM Security

Definitions Client Device Client Device is a unit of measure by which the Program can be licensed. A Client Device is a single user computing device, communications device, special purpose sensor or telemetry device that requests the execution of or receives for execution a set of commands, procedures, or applications from or provides data to another computer system that is typically referred to as a server or is otherwise managed by the server. A Client Device may have some processing capability or be programmable to allow a user to do work. Licensee must obtain entitlements for every Client Device which runs, provides data to, uses services provided by, or otherwise accesses the Program and for every other computer or server on which the Program is installed. Managed Virtual Server (MVS) Managed Virtual Server is a unit of measure by which the Program can be licensed. A server is a physical computer that is comprised of processing units, memory, and input/output capabilities and that executes requested procedures, commands, or applications for one or more users or client devices. Where racks, blade enclosures, or other similar equipment is being employed, each separable physical device (for example, a blade or a rack-mounted device) that has the required components is considered itself a separate server. A virtual server is either a virtual computer created by partitioning the resources available to a physical server or an un-partitioned physical server. Licensee must obtain Managed Virtual Server entitlements for each virtual server managed by the Program. Resource Value Unit (RVU) RVU is a unit of measure by which the program can be licensed. RVU Proofs of Entitlement are based on the number of units of a specific resource used or managed by the program. Licensee must obtain entitlements for this Program sufficient to cover the Resources managed by the program. Licensee must obtain sufficient entitlements for the number of RVUs required for Licensee's environment for the specific resources as specified in the resource table found in the program's announcement and/or License Information document. RVU entitlements are specific to the program and the type of resource and may not be exchanged, interchanged, or aggregated with RVU entitlements of another program or resource. 4 IBM Security

Cloud Virtual Physical Which Device am I quoting? Client Device: Agent is running on a non-server Operating System e.g. Windows 7/8/10 desktop, Ubuntu desktop, MAC OSX, etc. Server: Agent is running on a server Operating System e.g Windows 20012 Server, RedHat Enterprise Server, AIX, Solaris, Citrix Metaframe etc Type Example Server Client Laptops, Desktops running non server OS Server operating system VMs running Virtual Desktop VMs running server OS Cloud Server running server OS 5 IBM Security

Managed Virtual Server 1:1 Relationship For every server operating system that is running, you would need a license. Examples: 1 Physical Server running Windows 2012 Server would need 1 license 1 Host Server that is running 32 Virtual Machines would need 32 licenses 2300 Servers that are mixed as either Virtual or Physical would need 2300 Licenses 1:1 6 IBM Security

Calculating a Resource Value Unit* Simple Form # of Central Processing Units (CPUs) x # of Cores x # of Servers Example 1: x86 Server with 2 CPUs, Each CPU has 8 Cores. There are 10 servers 2 CPUs x 8 Cores x 10 servers = 160 RVUs Client would require 160 RVUs Example 2: X86 Server with 4 CPUs, Each CPU has 8 Cores. There are 1000 servers 4 CPUs x 8 Cores x 1000 servers = 32000 RVUs 1:MANY CPUs x CORES x SERVERS = RVUs *See next page for additional info 7 IBM Security

Calculating a RVU Additional Info After you have the total RVU count, you need to calculate the total actually needed to support the client. RVUs are sold on a scale that makes it more equitable for the customer as they increase the number of total RVUs (cores) in their computing environment. Tier Level Minimum Count Quantity Maximum Count Quantity RVU/UVU Factor per Quantity Cumulative Minimum RVU/UVUs Cumulative Maximum RVU/UVUs 1 1 2,500 1.00 1 2,500 2 2,501 10,000 0.80 2,501 8,500 3 10,001 50,000 0.60 8,501 32,500 4 50,001 150,000 0.40 32,501 72,500 5 150,001-0.20 72,501 - Using our examples from the previous page Example 1: 160 RVUs Customer would purchase 160 RVUs of the BigFix module or modules. Example 2: 32,000 RVUs Customer would purchase 21,700 RVUs Volume Level Minimum Count Quantity Maximum Count Quantity RVU/UVU Entitlement Calculation Actual Resources/Users RVU/UVU Factor per Quantity RVU/UVUs 1 1 2,500 2,500 1.00 2,500 2 2,501 10,000 7,500 0.80 6,000 3 10,001 50,000 22,000 0.60 13,200 4 50,001 150,000 0.40 5 150,001-0.20 Total Resources/Users 32,000 Total RVUs 21,700 (RVU/UVUs Previously Licensed) 0 RVU/UVUs to be Obtained 21,700 8 IBM Security

The Math Using Compliance Module RVU List Price of $131.00 Example 1 160 RVUs x $131 = $20,960 Cost Per RVU is $131.00 Example 2 21,700 RVUs x $131 = $2,842,700 Entitles Customer to 32,000 RVUs. Cost Per RVU is $88.83 ($2,842,700 / 32,000) 32.19 % Savings at the Per RVU Level Based on Total RVU count and the graduated scale 9 IBM Security

Should I Use RVUs or Managed Virtual Servers Example 1 Single Operating System Example 2 Multiple Operating Systems Server is running 1 operating system only Single Server with 2 CPUs with 8 Cores each Server is a Host running 20 Virtual Server Machines Single Server with 2 CPUs with 8 Cores each Total RVU count is 1 x 2 x 8 =16 Total RVU count is 1 x 2 x 8 =16 Resource Value Unit vs Managed Virtual Server Example Pricing(Compliance July 2016 List Price) RVU $ 131.00 MVS $ 383.00 Total Number of Resources 16 Total Number of RVUs Required 16 Total Server Count 1 Average Cores per Server 16.0 RVU Calculated Price $ 2,096.00 MVS Calculated Price $ 383.00 Best Price Option for Customer MVS Savings $ 1,713.00 Percentage Savings 81.73% Resource Value Unit vs Managed Virtual Server Example Pricing(Compliance July 2016 List Price) RVU $ 131.00 MVS $ 383.00 Total Number of Resources 16 Total Number of RVUs Required 16 Total Server Count 20 Average Cores per Server 0.8 RVU Calculated Price $ 2,096.00 MVS Calculated Price $ 7,660.00 Best Price Option for Customer RVU Savings $ 5,564.00 Percentage Savings 72.64% 10 IBM Security

THANK YOU FOLLOW US ON: ibm.com/security securityintelligence.com xforce.ibmcloud.com @ibmsecurity youtube/user/ibmsecuritysolutions Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others. Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.