Bundling Misuse: Using Db2 Beyond the Cognos Scope

Many IBM analytics products ship with a restricted use Db2 entitlement. The moment that database serves anything outside the bundling product, you owe a full Db2 license. It is one of the most common and most quietly expensive audit findings.

What a restricted use bundle actually grants

When you license Cognos Analytics, the entitlement includes a Db2 instance for the content store and certain supporting functions. This is a restricted use license, not a general Db2 entitlement. It permits Db2 only for the workload that supports the bundling product, under the terms set out in the license information document for that part number. It does not grant you a Db2 you can point at other applications.

How the line gets crossed

The misuse rarely looks deliberate. A team already running the bundled Db2 finds it convenient to host a second database on the same instance, or a developer connects a reporting tool that has nothing to do with Cognos. From that point the install is no longer covered by the restricted use grant, and a full Db2 license is owed at the metric that applies to that deployment.

• A non Cognos application pointed at the bundled Db2 instance
• Schemas or databases created on the bundled instance for unrelated workloads
• The bundled Db2 promoted to a shared enterprise database over time
• Bundled Db2 reused after the original analytics product is retired

Why auditors look for it

Bundling misuse is a named audit trigger because it is widespread and easy to measure. The auditor can see which databases and connections live on an instance and compare them to the restricted use terms. Where the instance serves anything beyond the permitted scope, the finding is a full license claim, often at full capacity if the host is not under a clean sub-capacity posture.

How to stay defensible

Keep bundled databases isolated to the product that entitles them. Document which instances are restricted use and which carry standalone Db2 entitlements, and reconcile that against your Passport Advantage records. If the line has already been crossed, the exposure is still contestable: the question is what workload actually ran, on how many cores, and whether a sub-capacity position applies.