License
License usage with IBM Verify Identity Access OIDC Provider deployed on Kubernetes
The IBM® License Metric Tool (ILMT) is an application that is provided by IBM to audit licensed products to ensure that licensed software is being used appropriately.
Any IBM Verify Identity Access OIDC Provider deployment that is used in a production environment must be licensed. To assist customers, the following information demonstrates how licensing information can be collected for containerized Verify Identity Access OIDC Provider deployments by using the Kubernetes infrastructure.
To ensure IBM Verify Identity Access OIDC Provider license compliance by using Kubernetes, customers must take the following steps.
- Deploy the IBM License Metric Tool operator.
- Deploy IBM Verify Identity Access with appropriate annotations.
- Verify that license metrics are being collected.
Note
The IBM License Metric Tool is only applicable when a processor-based licensing model (PVU) is in use. It cannot be used to monitor user-based licensing (UVU).
Deploy the IBM License Metric Tool operator
The IBM License Metric Tool container can be deployed by using a Kubernetes Operator that is maintained by IBM. This operator is available here. The IBM License Metric Tool team provides a guide to deploy the operator that uses the Kubernetes cli tool.
After the license service container is running, you can deploy IBM Verify Identity Access OIDC Provider container and verify that license audit information is being recorded.
Deploy IBM Verify Identity Access OIDC Provider
The license service relies on fixed annotations that are added to deployed pods to report on license usage. For IBM Verify Identity Access OIDC Provider (Production), add the following annotations to each deployment descriptor.
Annotation | Value | Description |
---|---|---|
Product name | IBM Verify Identity Access Virtual Edition Federation Module AOS | Name of application that is being licensed. |
Product ID | 13ce5584032a42eab5704711369a11a4 | Internal identifier of the application that is being licensed. |
Product metric | PROCESSOR_VALUE_UNIT | Metric that is used for license usage calculation. |
Product charged containers | All | Names of containers that are charged. |
For IBM Verify Identity Access OIDC Provider (Non-Production), add the following annotations to each deployment descriptor.
Annotation | Value | Description |
---|---|---|
Product name | IBM Verify Identity Access Virtual Edition Federation Module Non-Production AOS | Name of application that is being licensed. |
Product ID | 01a9d83608044a4687b3d29a0d4d0a35 | Internal identifier of the application that is being licensed. |
Product metric | PROCESSOR_VALUE_UNIT | Metric that is used for license usage calculation. |
Product charged containers | All | Names of containers that are charged. |
These annotations must be added to the deployment metadata for each IBM Verify Identity Access OIDC Provider container. The following code snippet demonstrates how the required Kubernetes annotations can be added to a deployment.
### IVIAOP Config ###
apiVersion apps/v1
kind Deployment
metadata
name isvaop
labels
app isvaop
spec
selector
matchLabels
app isvaop
replicas1
template
metadata
label
app isvaop
annotations
productName"IBM Verify Identity Access Virtual Edition Federation Module AOS"
productId"13ce5584032a42eab5704711369a11a4"
productMetric"PROCESSOR_VALUE_UNIT"
productChargedContainers"All"
. . .
Verify the license server metrics
The Rest API of the license service container must be queried to verify that the container is able to collect the correct license audit data. Detailed information on the API can be found here.
Updated 2 months ago