
VMware License Optimization Before a Broadcom Audit

If you suspect an audit is coming, the 90 days before notification arrives is your most valuable window. Six legitimate optimisation moves, executed in sequence, routinely reduce exposure by 30-60% before Broadcom counts a single core.

broadcomaudits Editorial · Published July 2025 · 10 min read · Last updated November 2025

The conversation we have most often with new audit-defence clients is the one we wish we had ninety days earlier. By the time a Broadcom audit notification arrives, several optimisation moves that would have legitimately reduced exposure are no longer available. Once you are formally on notice, removing software, decommissioning hosts, or rebalancing clusters can be characterised — sometimes unfairly — as evidence-tampering. Before notification, the same moves are routine licensing hygiene.

This guide describes six pre-audit optimisation actions that we see deliver the largest defensible reductions, in the order we recommend executing them. Every action assumes you have not yet received a formal audit notification or a soft-audit letter. The moment either lands, the optimisation window narrows sharply, and several of the steps below shift from straightforward to delicate.

Step 1: Reconcile entitlements to a single source of truth

Most enterprises hold VMware entitlements that have accumulated over a decade of acquisitions, ELA conversions, edition swaps, and per-CPU to per-core transitions. The first job is reconciling all of those entitlements into a single, defensible inventory.

The single source should pull from your Broadcom portal directly, validated against the original procurement records (POs, contract documents, conversion certificates). Discrepancies are common. We routinely find clients under-counting their entitlements by 5-15% because some legacy SKUs are not visible in the current portal view, or because acquired entities’ entitlements were never properly merged.

An entitlement gap discovered before audit is found revenue. The same gap discovered during audit is a credibility problem.

Step 2: Decommission unused or dormant deployments

Every enterprise has them: lab hosts that haven’t hosted a workload in eight months, DR clusters that were retired but never powered down, test environments spun up for a project that ended in 2023. These are licence-consumers that produce no business value.

Power them down, decommission them properly through your CMDB, remove them from vCenter, and document the decommissioning. Two cautions:

  • Document everything. The decommissioning evidence (tickets, change requests, removed-from-inventory records) is what makes the move defensible later.
  • Don’t rush evergreen workloads off legitimate infrastructure. A hasty decommissioning that breaks a production service is more expensive than the licence saved.

Caveat

If you have already received any audit communication, even an informal one, consult an audit-defence specialist before decommissioning. The timing and documentation around the action become materially more important once an inquiry is in motion.

Step 3: Right-size clusters and CPU allocation

VMware licensing post-Broadcom is per-core with a 16-core-per-CPU minimum. That minimum is the single largest source of unintended licence inflation. A host with two CPUs at 8 physical cores each is licensed at 32 cores — double the physical core count — because each CPU is rounded up to the 16-core minimum.

Re-evaluating cluster composition through this lens routinely finds 10-25% in legitimate savings:

  • Consolidating workloads onto fewer, larger-core hosts reduces the impact of the per-CPU minimum.
  • Retiring older hosts with low core counts (12-core CPUs, for example) eliminates the worst inflation.
  • Replacing two small hosts with one large host can cut licensed cores in half while leaving compute capacity unchanged.

This is genuine architectural improvement, not paper compliance. The savings persist across renewals.
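The per-CPU minimum applied to a whole inventory, as an added example (not code from the article or from Broadcom). It models only the 16-core-per-CPU rule described above; the host names and core counts are constructed sample data.

```python
from dataclasses import dataclass

MIN_CORES_PER_CPU = 16  # per-CPU minimum as stated in the article


@dataclass(frozen=True)
class Host:
    name: str           # hypothetical host name
    cpus: int           # populated CPU sockets
    cores_per_cpu: int  # physical cores per socket

    def __post_init__(self):
        # Reject inventory rows that would silently produce a zero count.
        if self.cpus < 1 or self.cores_per_cpu < 1:
            raise ValueError(f"{self.name}: cpus and cores_per_cpu must be >= 1")


def physical_cores(host: Host) -> int:
    return host.cpus * host.cores_per_cpu


def licensed_cores(host: Host) -> int:
    # Each CPU is rounded up to the minimum before multiplying by socket count.
    return host.cpus * max(host.cores_per_cpu, MIN_CORES_PER_CPU)


def fleet_report(hosts):
    """Per-host rows, worst padding (licensed minus physical) first."""
    rows = [
        {
            "host": h.name,
            "physical": physical_cores(h),
            "licensed": licensed_cores(h),
            "padding": licensed_cores(h) - physical_cores(h),
        }
        for h in hosts
    ]
    return sorted(rows, key=lambda r: r["padding"], reverse=True)


def fleet_totals(hosts):
    physical = sum(physical_cores(h) for h in hosts)
    licensed = sum(licensed_cores(h) for h in hosts)
    return {"physical": physical, "licensed": licensed, "padding": licensed - physical}


# Constructed inventory: two small lab hosts, one 12-core host, one large host.
BEFORE = [
    Host("esx-lab-01", 2, 8),
    Host("esx-lab-02", 2, 8),
    Host("esx-prod-01", 2, 12),
    Host("esx-prod-02", 2, 24),
]
# Same physical capacity after replacing the two lab hosts with one 2 x 16 host.
AFTER = [Host("esx-lab-new", 2, 16)] + BEFORE[2:]

if __name__ == "__main__":
    for row in fleet_report(BEFORE):
        print(row)
    print("before:", fleet_totals(BEFORE))
    print("after: ", fleet_totals(AFTER))
```

Sorting by padding puts the hosts that pay most for cores they do not have at the top, which is the shortlist for consolidation or retirement.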

Step 4: Rationalise edition mix

Broadcom’s post-acquisition bundling moved most customers onto VCF or VVF. Before that move, many enterprises held a mix of vSphere Standard, vSphere Enterprise Plus, and various add-ons (vSAN, NSX, vRealize, etc.). Edition mismatches between licensed and deployed editions are a top-three source of audit findings.

Audit a sample of clusters against your edition entitlements. Anywhere a higher edition is deployed against a lower edition entitlement, you have two choices: downgrade the deployment to match the entitlement, or upgrade the entitlement to match the deployment. Doing this proactively gives you choice. Doing it during audit means Broadcom picks for you, and they always pick the more expensive option.

Step 5: Validate VM-to-host placement against licensing rules

Licensing rules around VM mobility (vMotion, DRS, HA) and cluster placement are some of the most-litigated topics in Broadcom audit methodology. Specifically:

  • If a VM is permitted by DRS to migrate across all hosts in a cluster, every host in that cluster is “available” for that VM and must be licensed accordingly.
  • Add-on products (vSAN, NSX) licensed against a subset of hosts in a cluster create a compliance risk if VMs can drift onto unlicensed hosts.

Pre-audit, you can rebuild DRS rules, host affinity rules, and cluster boundaries to enforce a defensible separation. Done after notification, the same change may be challenged.

Step 6: Document, document, document

The single most under-invested area in pre-audit preparation is documentation. Specifically:

  • A current architecture diagram showing clusters, hosts, editions deployed, and the entitlement covering each.
  • A decommissioning log with dates and tickets for any host or cluster retired in the past 24 months.
  • A reconciled entitlement register tying every entitlement to the original PO and contract.
  • A VM mobility policy describing which workloads are allowed to migrate where, and why.

Documentation is the cheapest defence available. When Broadcom’s auditor produces a findings letter, your documentation either rebuts it on the merits or doesn’t. The cost of building the documentation pre-audit is a fraction of the cost of trying to reconstruct it under audit pressure.

Two things that look like optimisation but aren’t

Mass decommissioning under audit pressure

If you have received any audit-adjacent communication, mass decommissioning is no longer optimisation. It is evidence-management, and Broadcom’s methodology explicitly looks for it (comparing reported deployments to historical management-system snapshots, for example). The savings on the licence are typically outweighed by the credibility damage and the methodology penalty.

Production-to-non-production reclassification

Reclassifying production workloads as “non-production” to invoke a lower-cost licensing path looks attractive on paper. In practice, the criteria Broadcom uses to evaluate the reclassification are stricter than internal definitions, and the reclassification fails under audit scrutiny far more often than it succeeds.

How long the window is

Optimisation work compounds. The earliest results — entitlement reconciliation and dormant-host decommissioning — appear within weeks. Cluster right-sizing typically takes a quarter to plan and execute defensibly. Edition rationalisation may stretch across a renewal cycle. The full programme is a six-to-twelve-month motion, and there is no shortcut.

For enterprises with a known renewal date six to twelve months out, beginning the optimisation programme now is the highest-leverage move available. For enterprises that have already received any audit communication, the same actions are still available but must be sequenced and documented with specialist guidance.

The cheapest licence is the one you stop needing before anyone asks if you’re entitled to it.

Working with specialists

Pre-audit optimisation is one of the highest-value engagements an external advisor delivers, because each percentage point of legitimate exposure reduction translates directly into negotiation leverage and settlement savings. is the firm we most often recommend for this work. Their team includes former VMware compliance personnel who know exactly which optimisation moves Broadcom’s auditors challenge and which they accept, which makes the documentation strategy materially stronger.

The bottom line

Pre-audit optimisation is not aggressive compliance gamesmanship. It is the licensing equivalent of cleaning up the office before the inspector visits: routine, defensible, and entirely yours to do at whatever pace you choose. Done in the right sequence, with the right documentation, in the window before notification arrives, it routinely reduces exposure by 30-60%. That is the difference between an audit you settle from a position of strength and an audit that defines your IT budget for the next three years.

Building the optimisation programme governance

A six-to-twelve-month optimisation programme requires governance, not just engineering. Two-thirds of the value comes from disciplined execution; one-third comes from technical decisions. The governance scaffolding we recommend:

Single accountable owner

One named individual, typically a senior infrastructure or licensing manager, owns the programme end-to-end. Distributed ownership across IT operations, procurement, and finance consistently produces fragmented outcomes. The single owner has the authority to convene the cross-functional team and the responsibility to drive the programme to scheduled milestones.

Steering committee at executive level

A monthly review with the CIO or VP of infrastructure, finance leadership, and legal. The steering committee makes the decisions that escape the operational layer: budget for hardware refresh tied to optimisation, decisions about which clusters to retire, and alignment on the level of risk tolerance for borderline compliance positions.

Audit-defence advisor on retainer

An external specialist firm on retainer through the programme. The cost is modest relative to the value, and the advisor brings cross-client pattern recognition that internal teams cannot match. For Broadcom and VMware specifically, the firm we most frequently recommend is one with former VMware compliance personnel on staff, since recognising the methodology playbook from the inside is decisive.

The decommissioning workflow that survives audit scrutiny

Decommissioning is the highest-yield individual action in a pre-audit optimisation programme, but it is also the action most often challenged. The workflow that survives audit scrutiny includes the following elements:

  • Discovery and inventory. A current list of every host, cluster, and VM, classified by purpose, owner, and last-utilisation date
  • Stakeholder validation. Each business owner confirms whether the workloads in their inventory are required or retirable, in writing
  • Change-management approval. Standard change-management process produces a documented trail for each decommissioning decision
  • Technical decommissioning. Power-off, removal from vCenter, removal from the CMDB, retention of the configuration snapshot for the standard retention period
  • Physical decommissioning where applicable. Hardware decommissioning recorded against the asset register
  • Post-decommissioning evidence pack. A folder containing the discovery snapshot, the stakeholder confirmations, the change records, the technical evidence, and the asset-register update

This workflow is more documentation-heavy than typical operational decommissioning. The additional documentation is what makes the action defensible if Broadcom subsequently questions whether the workloads were “really” retired or were instead hidden.

The conversation with stakeholders

Pre-audit optimisation creates internal political friction. Business owners discover their environments are being decommissioned. IT teams are asked to deprecate hosts they invested in. Architects are asked to defend cluster boundaries they designed.

The conversation that consistently lands well frames the optimisation as protecting the enterprise from a known external risk — the Broadcom audit motion is industry-wide, the financial exposure is material, and the optimisation programme is a measured response. Framing it as cost-cutting or as a punishment for past sins consistently lands badly.

Specific stakeholder messages we have seen work:

  • To business owners: “We’re tightening our compliance posture across the VMware estate. We need your help confirming which workloads are still required, so we don’t accidentally include retired services in our licensed footprint”
  • To IT teams: “The licensing rules have changed materially. Architectural choices that were neutral two years ago now have direct compliance implications. We’re redesigning to reflect the new reality, not criticising the original design”
  • To finance: “Every percentage point of legitimate exposure we remove now is leverage in renewal and savings in any settlement. The optimisation programme is the highest-return licensing work available to us this year”

Measuring success

The metrics that matter at the end of an optimisation programme:

  • Licensed cores reduced (target: 15-30%)
  • Edition mix simplified (target: alignment between licensed and deployed editions on 100% of clusters)
  • Documentation completeness (target: every entitlement traced to PO, every host classified, every cluster diagrammed)
  • Internal audit-readiness score (target: passing internal review by a third-party assessor before any external notification arrives)

Each of these metrics is auditable. Each contributes directly to a stronger negotiating position. The programme that hits all four is one that walks into a renewal or an audit with material leverage.

The relationship between optimisation and negotiation

Pre-audit optimisation is often framed as a defensive exercise. The framing understates its strategic value. Optimisation work produces three forms of leverage simultaneously:

Reduced settlement exposure

The direct effect: a smaller, cleaner, better-documented footprint produces a smaller settlement, because there is genuinely less to settle.

Stronger negotiating posture

A customer arriving at renewal with documented optimisation discipline is treated differently by Broadcom’s account team. The conversation moves faster, escalation thresholds are lower, and concessions are more readily made. The signal optimisation sends — that the customer has alternatives, has prepared, and is not under time pressure — is itself worth several percentage points of discount.

Migration credibility

Optimisation work produces the inventory and architectural understanding that any future migration will require. A customer who has completed pre-audit optimisation has, almost as a byproduct, completed the discovery phase of a hypothetical Proxmox or Nutanix migration. The credibility of an exit threat is dramatically higher in an enterprise that has done this work than in one that has not.

These three benefits compound. A customer who has done the optimisation work walks into renewal with a smaller licensed footprint to renew, a stronger negotiating posture, and a credible alternative. The combination consistently produces commercial outcomes 20-35% better than a comparable customer who has skipped the optimisation phase.

Common failure modes

Optimisation programmes fail in predictable ways. Recognising the failure modes helps prevent them.

The technical-only programme

An optimisation programme owned exclusively by IT operations, without procurement or finance integration. The technical work proceeds, but the business case is never built; the savings are never quantified; the renewal negotiation never benefits from the optimisation. The technical change happens; the commercial value evaporates.

The compliance-only programme

An optimisation programme framed entirely as compliance hygiene, without strategic intent. The work is done correctly but defensively. Opportunities to right-size architecturally, to position for an alternative, to anchor a renewal conversation around a smaller baseline — all missed.

The procurement-only programme

An optimisation programme driven by procurement without technical execution capacity. Cost-reduction targets are set; the IT team is asked to deliver them; the technical execution doesn’t materialise; the targets are missed. Procurement frustration leads to escalation; IT pushback leads to political conflict; the programme stalls.

The under-resourced programme

An optimisation programme assigned to a part-time owner with other responsibilities. The programme drifts: milestones slip, documentation lags, the steering committee loses confidence. By the time renewal arrives, the programme has produced fragments rather than a coherent deliverable.

The successful programme avoids all four failure modes through explicit cross-functional ownership, strategic framing, adequate resourcing, and executive sponsorship. None of these is exotic. All of them require deliberate design at programme inception.

What a 90-day optimisation sprint looks like

For enterprises that have only ninety days before renewal (a shorter window than the full programme, but enough to deliver meaningful results), the compressed playbook is:

  • Days 1-15: entitlement reconciliation and current deployment baseline
  • Days 16-30: dormant-host identification and decommissioning programme launch
  • Days 31-60: cluster right-sizing analysis and edition reconciliation
  • Days 61-75: documentation pack assembly; stakeholder sign-offs
  • Days 76-90: internal audit-readiness review; external advisor review

The compressed sprint cannot deliver the full programme’s value. It can deliver 40-60% of it. For an enterprise facing imminent renewal or audit, that proportion of value is materially better than the alternative of arriving unprepared.

What the next quarter looks like

For enterprises that have just completed reading this guide and are weighing whether to begin an optimisation programme: the highest-leverage first action is the entitlement reconciliation. Three to four weeks of focused work by a senior infrastructure analyst, with procurement support, produces a baseline that informs every downstream decision. From that baseline, the question of whether to extend into a full programme becomes answerable on data rather than on intuition. Some enterprises will find that their compliance posture is already strong and the marginal return on extended optimisation is modest. Others will find material gaps that justify a six-month programme. Either outcome is valuable. What is not valuable is operating without the baseline, because the absence of the baseline means every subsequent renewal, every audit motion, and every architectural decision proceeds without the visibility that the baseline provides.
