Missing ILMT agents, the silent full capacity exposure.

Why the gap is silent

ILMT does not fail loudly. When an agent stops reporting, or a new host is provisioned without one, the tool keeps producing reports for everything it can still see. The output looks complete because it only shows what is covered. The exposure lives in the hosts that are missing from the report, not the ones that are in it.

That is why missing agents are usually discovered by the auditor, not the customer. The data that would reveal the gap is the data that is not there.

What a missing agent actually costs

Sub capacity requires continuous reporting on every eligible host. A host without a reporting agent has no evidence of its virtual core count for that period, so IBM applies full capacity to the entire physical machine. A single uncovered host running WebSphere on four of 32 cores moves from 480 PVU to 3,840 PVU for as long as the agent was absent.

Where agents go missing

• New provisioning. Hosts and clusters spun up without the agent baked into the image.
• Migrations. Workloads moved to new hardware where ILMT coverage never followed.
• Silent failures. Agents that stopped reporting after an update, a credential change or a firewall rule, with no alert raised.
• Scope drift. Eligible software installed on a host that was never in the ILMT scan list.

Finding the gap before IBM does

The defense is reconciliation, not trust. Line up every host running eligible IBM software against the list of hosts ILMT actually reports on, and the missing agents surface immediately. Restore coverage, document the correction, and where a past period is genuinely exposed, build the argument before it appears as a finding. A gap you found and fixed is a far stronger position than one IBM found for you.