>
Journal · Cloud Pak and Red Hat
Cloud Pak and Red Hat

IBM Cloud Pak licensing: the VPC model explained.

IBM Cloud Paks are metered in Virtual Processor Cores, not the Processor Value Units that govern most legacy middleware. The metric is simpler on paper, but container topology and cluster scope make it easy for an audit to count cores you never dedicated to the software.

May 2026 · 7 min read · Cloud Pak and Red Hat

What a Virtual Processor Core actually counts

The Virtual Processor Core, or VPC, is the entitlement unit for the Cloud Pak family. Where the Processor Value Unit ties cost to physical cores weighted by a per core PVU rating, a VPC counts the virtual cores made available to the eligible product. One entitlement covers a defined number of VPCs, and you license the virtual cores the Cloud Pak workload can consume rather than the raw hardware underneath it.

That sounds cleaner than PVU math, and in a tidy estate it is. The complication is that Cloud Paks run on Red Hat OpenShift, and a container platform does not present a fixed core count the way a single virtual machine does. The number that matters is the virtual cores available to the entitled pods, which means the cluster topology, the worker node sizing, and the way limits are set all feed the count.

Why container counting inflates audit findings

Cloud Pak entitlements are tracked by the IBM License Service, a component that runs inside the cluster and reports VPC consumption. When that service is missing, misconfigured, or has gaps in its history, the audit cannot see the constrained number. The fallback is the same pattern that governs the rest of the IBM stack: when the tool that proves the lower figure is incomplete, the higher figure applies.

For containers the higher figure is severe. Where sub capacity evidence is absent, IBM positions the charge at all cores in the cluster, not just the cores the Cloud Pak pods were scheduled onto. A workload that genuinely used a slice of a large OpenShift cluster can surface as exposure across every worker node in that cluster.

  • License Service not deployed, so no VPC history exists for the audited period.
  • Gaps in the metric history that read as unmetered consumption.
  • Worker nodes added for unrelated workloads counted against the Cloud Pak.
  • Bundled components used beyond the rights the Cloud Pak conveys.

How we defend a VPC estate

Re establish the metric record

We confirm the License Service was present and reporting for the period in scope, and reconstruct the VPC consumption from the cluster record where the audit relies on assumption instead of data. The goal is to replace a full cluster count with the metered virtual cores the Cloud Pak workload actually used.

Scope the cluster correctly

Not every node in an OpenShift cluster is fair game. We separate the nodes and namespaces that ran entitled Cloud Pak pods from the rest of the platform, so the count reflects the workload boundary rather than the whole cluster. This is the heart of a sub capacity defense in a containerized estate.

What this means under audit

A Cloud Pak finding usually assumes every core in the cluster is in scope because the License Service evidence is thin. Reconstructed metric history and a correctly drawn cluster boundary bring the defensible number back toward real consumption, within the 30 to 92% reduction range our engagements deliver.

Related reading
IBM Cloud Pak Licensing and Audit DefenseConverting Legacy PVU Entitlements to Cloud PakRed Hat Enterprise Linux Subscriptions Under IBMRed Hat OpenShift and IBM Container Entitlements
Talk to Sub-Capacity Defense →Get audit help now

The IBM Audit Brief

Audit triggers, ILMT pitfalls, and settlement tactics for IBM software buyers.

IBM Audit

Independent, buyer side IBM software audit defense and negotiation. Not affiliated with IBM Corporation.

Services
Audit DefenseAudit NegotiationILMT RemediationSub-Capacity Defense
Products
WebSphereDb2CognosCloud Pak
Company
AboutContactJournalWhite Papers
Independent. Not affiliated with IBM Corporation.Buyer Side · Est. 2019