Since Broadcom acquired VMware in late 2023, changes have been coming at a rapid pace. One of the most impactful recent updates concerns new obligations for customers using VMware products such as VMware Cloud Foundation (VCF) and VMware vSphere Foundation (VVF) if they are running software versions 9.0 or later: mandatory, semi-annual compliance reporting.
What does this new obligation entail?
In a relatively quiet update to its Specific Program Documentation (SPD), Broadcom announced that customers must provide a complete, audited compliance report every 180 days. This report must provide a current and accurate view of the use of VMware products within the organization.
The report may be submitted in two ways:
- Automatic: via the software itself (if enabled).
- Manually: by uploading a report to a location to be specified.
Please note: The report must be unaltered and complete as specified in the documentation.
What happens if you don't report?
Broadcom has clearly described in its documentation what happens if a timely and correct report is not provided:
- After 180 days without reporting: warnings within the software.
- After 270 days without reporting: Functions and access to the management environment may be restricted or even blocked.
- Customers also lose the right to patches and support and bear all risks arising from failure to report.
What are the legal implications?
Many organizations may have implicitly agreed to future updates to the SPD when signing a VMware subscription. This means that you may be bound by this new obligation, even if it was added after the contract was signed.
Check your contract carefully: see if you have agreed to any references to the SPD or similar documents. If so, the new terms are likely to apply to your organisation.
What should you do now?
1. Check the status of automatic reporting
Check if your VMware environment automatically sends the required reports or if manual action is required. Test this functionality and ensure that you have this process under control.
2. Set up a 180-day reporting cycle
Document this cycle in your management processes and assign clear ownership within your IT or SAM team. Regular reporting prevents surprises or functional blockages.
3. Keep proof of submission
Log all reports sent and store proof of sending and receiving. This can be essential in discussions about compliance or support.
4. Review your contract and license terms
Assess whether your organization is legally bound by the new terms.
How BeSharp Experts supports your organization
At BeSharp Experts we are fully aware of Broadcom's new compliance requirements. We help your organization with:
- A thorough inventory of your VMware environment
- Establishing a structured, repeatable reporting cycle
- Pre-validate your reports so that only correct and compliant data is shared with Broadcom
This will help you limit risks, maintain control over your IT landscape and avoid unexpected restrictions or fines from Broadcom.
Want to know more? Feel free to contact us – we will help you stay compliant, without surprises.