The situation.
The client is a North American multiline insurance group with a 3,400-core VMware vSphere estate and twelve vSAN clusters supporting claims processing, policy administration, and the actuarial computing environment. vSAN had been deployed in phases between 2019 and 2024 with a mixture of vSAN Standard, vSAN Advanced, and a small footprint of vSAN Enterprise on the actuarial cluster.
The Broadcom audit letter arrived under the post-acquisition compliance programme and was scoped to vSAN only. The opening claim was $2.1 million, derived from a per-core reconstruction that applied vSAN Advanced pricing to every core in every vSphere cluster, on the basis that vSAN was "deployable" across the estate.
The complication.
vSAN audits are technically dense because the asserted entitlement depends on the cluster configuration, not the host configuration. A vSAN cluster is licensed on the cores of the hosts contributing storage capacity to that cluster, and the licensable edition depends on which vSAN features are enabled and used. Broadcom's auditor had applied vSAN Advanced uniformly without inspecting the per-cluster configuration data.
The auditor had also counted vSphere clusters with vSAN capability (i.e. ESXi hosts where vSAN had been installed but not enabled on any disk group) as licensable vSAN clusters. Six of the twelve flagged clusters had vSAN installed but no vSAN datastore configured; storage on those clusters was provided by the SAN array, not by vSAN.
The response.
The defence built a cluster-by-cluster evidence pack. For each of the twelve clusters, the team produced: the ESXi build manifest, the vSAN datastore configuration (or its absence), the disk-group composition, the configured vSAN features, and the actual feature utilisation drawn from vCenter and vRealize Operations. The pack was presented in a single workbook with one tab per cluster and a summary tab.
The first major reduction came from removing the six non-vSAN clusters from the assertion. The configuration evidence established that vSAN was installed at the ESXi level but never enabled at the cluster level; no disk groups, no vSAN datastore, no consumed capacity. Those six clusters were removed from the assertion entirely, eliminating approximately $740,000 from the opening position.
The second reduction came from the edition reconciliation on the remaining six clusters. Three of the clusters ran vSAN Standard features only (no stretched cluster, no deduplication, no compression beyond software-defaults). Broadcom's auditor had priced them at vSAN Advanced. The team produced feature-utilisation evidence and reduced the asserted edition on those three clusters, taking a further $330,000 off the assertion.
The third reduction was on the capacity tier. The actuarial vSAN Enterprise cluster had been over-counted at full host-core capacity, when in fact the cluster ran in a two-node ROBO configuration with a witness host that did not contribute capacity and was not licensable. The witness-host correction removed approximately $90,000.
The settlement closed at $880,000, 58% below the opening claim. The structure included a vSAN edition declaration covering the audit period, an entitlement-true-up on the residual gap, and a forward subscription on the remaining six vSAN-active clusters at quoted-list pricing.
The outcome.
The documented saving against Broadcom's opening claim is $1.22 million. The defence also produced a permanent cluster-level licensing inventory that the client now maintains as part of its quarterly compliance review — every vSAN cluster, every active feature, every configuration delta against the entitled edition.
The forward consequence is that the client's renewal-readiness pack now has cluster-level evidence for any vSAN edition assertion, which removes the discovery foothold that drove the opening claim in this audit cycle.
