Home / Journal / Broadcom / VMware
Broadcom / VMware · Negotiation

Defending Against a VMware Audit Under Broadcom: The Enterprise Guide

By Accord · Updated 2026-03-26

The Changing Audit Landscape Post-Acquisition

VMware, under its pre-Broadcom ownership, was not a particularly aggressive auditor by enterprise software standards. The company's commercial model was built around partner relationships and enterprise account management — adversarial audit activity was relatively rare and typically reserved for egregious non-compliance situations.

Broadcom's approach to its software portfolio — which includes Symantec and CA Technologies alongside VMware — is more structured around licence compliance as a revenue mechanism. Since the acquisition, the frequency and formality of compliance reviews directed at VMware customers has increased. Enterprises in legacy perpetual positions who have not yet transitioned to subscription are the primary target population.

This change in posture is part of the broader commercial transformation covered in our Broadcom VMware Licensing Guide. Understanding it is essential context before exploring the specifics of audit defence.

What Triggers a VMware Audit

Broadcom does not need a reason to audit — audit rights are contractually established in the VMware licence agreements and typically permit Broadcom to conduct compliance reviews on reasonable notice. In practice, audits are triggered by a combination of factors.

Commercial Triggers

  • Renewal resistance: If you have declined, delayed, or pushed back aggressively on Broadcom's renewal proposals, a compliance review may follow. This is a commercial pressure tactic.
  • Lapsed support: Perpetual licences whose support has lapsed create a compliance conversation opportunity, as Broadcom uses these engagements to accelerate subscription transitions.
  • Significant estate growth: If Broadcom's data sources (telemetry, channel intelligence, third-party data) indicate your vSphere estate has grown materially since your last licence purchase, that growth creates an audit trigger.

Technical Triggers

  • Unlicensed product versions: Running vSphere 7 or 8 on licences purchased for vSphere 5 or 6 without upgrade entitlements is a common compliance gap.
  • DR and test environments: VMware DR environments and test/dev clusters are often deployed informally without considering licence requirements. Perpetual licences do not typically include unlimited DR rights.
  • VDI without appropriate licences: Virtual desktop deployments have historically required specific vSphere Desktop licences. VDI environments deployed under standard vSphere licences create compliance exposure.
  • vSAN and NSX without licences: If you are running vSAN or NSX software on hosts that are not licensed for these components, this is a material compliance exposure.

Responding to an Audit Notice: The First 30 Days

The most important thing to understand about an audit notice is that your initial response shapes the entire process. A cooperative but carefully managed response is the right posture — not compliance or resistance, but controlled engagement.

1

Do Not Respond Immediately

Acknowledge receipt and request clarification on scope and timeline. You have a contractual right to understand exactly what is being audited before you provide any data. Use this time to organise your response team — typically including IT, legal, and procurement.

Stay Ahead of Vendors

Get Negotiation Intel in Your Inbox

Monthly briefings on vendor pricing changes, audit trends, and contract tactics. Unsubscribe any time.

No spam. No vendor affiliations. Buyer-side only.

2

Assemble Your Licence Position

Pull all VMware licence documentation: purchase orders, licence agreements, email confirmations of licence grants, support contracts. Establish what you own and what rights are associated with each licence. This is your baseline defence document.

3

Conduct a Self-Assessment

Run your own internal compliance review before sharing anything with Broadcom. Use vCenter inventory data to document your actual deployment against your licence entitlements. Identify any genuine gaps — knowing your exposure before Broadcom does is a significant advantage.

4

Engage Specialist Counsel or Advisory

VMware licence audits under Broadcom are commercial negotiations, not legal proceedings — but having appropriate advisory support from the outset changes the dynamic. Broadcom's audit teams are experienced. Enterprises that engage them without equivalent expertise are at a structural disadvantage.

Common VMware Compliance Gaps and How to Address Them

Version Coverage Gaps

Legacy perpetual licences purchased for vSphere 5 or 6 may or may not include perpetual rights to run later versions, depending on the specific licence agreement and whether support was maintained. Active support contracts typically include the right to run current versions. Lapsed support contracts do not. If you are running vSphere 7 or 8 on expired support licences, this is a genuine gap that needs to be addressed.

The resolution here is typically to negotiate a subscription transition that acknowledges the lapse period rather than paying full back-licence fees. An experienced adviser knows what Broadcom has accepted in comparable situations.

DR Environment Exposure

Disaster recovery environments are a consistent source of audit exposure. Most perpetual vSphere licences require production and DR instances to be licensed separately unless the licence specifically includes DR rights. Organisations that deployed vSphere DR sites as "just another cluster" without separate licences are exposed.

Broadcom has acknowledged this issue in its subscription model — VCF/VVF subscriptions typically include DR deployment rights within the subscription scope. The audit negotiation here often involves converting to subscription as part of resolving the DR gap.

VDI and Specialised Use Cases

VDI deployments require vSphere Desktop licences or a VDI-specific product bundle. Standard vSphere Enterprise Plus licences do not cover VDI use cases. If you are running VDI on standard vSphere licences, this is a material exposure. The current commercial resolution in a subscription model context typically involves assessing the actual VDI seat count and the applicable subscription tier.

Negotiating the Audit Resolution

An audit claim from Broadcom is a commercial opening position, not a final demand. The initial claim typically reflects list-price calculations on alleged shortfalls — which is the worst possible commercial outcome. Every audit resolution has room to negotiate, and the outcome depends heavily on how the negotiation is conducted.

  • Challenge the methodology: Verify that Broadcom's calculation of the shortfall is accurate. Errors in licence counting, incorrect version assumptions, and failure to account for applicable rights are common in initial audit claims.
  • Apply your full entitlements: Ensure all existing licence entitlements — including any previously purchased but unused licences, SA rights, and version coverage — are credited against the alleged shortfall before any financial settlement is calculated.
  • Bundle the resolution with the renewal: The most commercially efficient audit resolution usually involves settling the historical gap as part of a forward-looking subscription agreement. This gives Broadcom the subscription revenue they want and gives you the opportunity to negotiate the future terms alongside the settlement amount.
  • Negotiate settlement at market, not list: Any catch-up payment should be calculated at market rates (reflecting applicable volume discounts and current pricing benchmarks), not at Broadcom list price. The difference is substantial.

Proactive Compliance Management: Avoiding the Audit

The best audit defence is a clean licence position that eliminates the exposure before Broadcom raises it. For enterprises that have not yet received an audit notice, a proactive compliance review is a wise investment — particularly given Broadcom's increased audit activity.

A proactive review should cover: all deployed vSphere, vSAN, and NSX instances versus current licence entitlements; version coverage across all deployed hosts; DR and test environment licensing status; and VDI or specialised use case coverage. The result is either peace of mind or an early warning that allows you to address gaps on your terms rather than Broadcom's.

IT Negotiations provides VMware licence position reviews as part of our Broadcom VMware advisory service. We work independently of Broadcom — everything you share with us is protected by the engagement relationship, not disclosed to the vendor. Request a free initial consultation to understand your exposure level. For additional context on the broader Broadcom commercial landscape, our articles on Broadcom negotiation tactics and vSphere core licensing changes are useful companion reading.

Related reading
The Negotiation Edge

Get weekly vendor intelligence — free.

One considered email a week on enterprise IT pricing and negotiation leverage. No noise.

Your next deal,
on your terms.

Tell us about an upcoming renewal, sourcing decision, or negotiation. We'll show you what's truly possible — in complete confidence.

Begin a conversation