Software Due Diligence for On Premises Estates

On premises software is metered against cores, users, options, and indirect access, none of which show on the invoice. Software due diligence for on premises estates measures the estate itself, builds an effective license position per publisher, and sizes the gap before it lands as an audit after close.

Software due diligence for on premises estates is where the largest latent licensing exposures in a deal usually sit. On premises software from Oracle, SAP, Microsoft, and IBM is metered against rules the target rarely tracks accurately: processor cores, named users, virtualisation, indirect access, and editions. The result is that an on premises estate can look fully paid for on the invoice and still carry an eight figure gap between what is deployed and what is entitled. Software due diligence for on premises estates exists to find that gap before it lands as a publisher audit after close.

This guide explains how to run that work under time pressure as part of the broader software due diligence method, and how it differs from the subscription work in software due diligence for SaaS heavy targets. The findings feed straight into license reconciliation once the deal closes.

Why software due diligence for on premises estates finds hidden exposure

Perpetual on premises licensing is governed by metrics that drift out of compliance silently. A target virtualises a database cluster and inadvertently brings every physical core into scope. A user count grows past the named user entitlement. A module gets switched on that was never licensed. None of this shows on the maintenance invoice, which is why standard IT diligence, focused on systems and security, walks straight past it. The exposure is latent and unquantified until a publisher tests it, and a change of ownership is one of the events that prompts the test.

Figure: Common drivers of on premises true up exposure. Bar chart showing the relative frequency of the licensing metric breaches that drive on premises true up exposure, led by virtualisation scope and indirect access: virtualisation and core 30%, indirect or digital access 26%, named user overage 20%, unlicensed modules and options 14%, edition and version mismatch 10%.

Build an effective license position from the target data

The core deliverable is an effective license position: a publisher by publisher comparison of what the target owns against what it actually runs. You assemble entitlement from order forms, license keys, and historical purchases, then measure deployment from the estate itself, server inventories, processor data, user directories, and database options in use. The difference, expressed per publisher, is the exposure. This is the same discipline as building a software license position during diligence, applied to the metrics that bite on premises.

On premises entitlement versus deployment, illustrative

| Publisher | Entitlement basis | Deployment measure | Where the gap appears |
|---|---|---|---|
| Oracle Database | Processor and named user plus options | Cores in scope including virtual hosts, options enabled | Virtualisation pulling unlicensed hosts into scope |
| SAP | Named users by type and engines | Actual user classification and indirect document flows | Indirect and digital access from connected systems |
| Microsoft | Core, CAL, and subscription mix | Server cores, user and device CALs, edition deployed | CAL shortfall and edition mismatch on servers |
| IBM | Processor value units (PVU) | Sub capacity reporting and ILMT data | Missing or incomplete sub capacity measurement |

The publishers that drive on premises audit risk

The major audit risk after a deal comes from a short list: Oracle, SAP, Microsoft, and IBM, with Broadcom now driving exposure through VMware. These publishers run mature compliance functions and treat a change of ownership as a prompt to review an account. An acquired entity is a soft target because its records are often in disarray and its new owner has deeper pockets. The work in vendor specific diligence goes deeper on each publisher; the point in diligence is to size each one and rank them.

Key takeaways

  • On premises exposure is metered against cores, users, options, and indirect access, none of which show on the maintenance invoice.
  • The core deliverable is an effective license position per publisher: entitlement against actual deployment, with the gap expressed as a number.
  • Virtualisation and indirect access are the two most common and most expensive drivers of on premises true up.
  • A change of ownership is itself an audit trigger. Oracle, SAP, Microsoft, IBM, and Broadcom are the publishers most likely to act.

Virtualisation and indirect access deserve special attention

Two drivers account for most large on premises settlements. The first is virtualisation, where a database or middleware product is deployed on a virtual cluster and the publisher counts every physical core the workload could run on, not only the cores it does run on. The second is indirect or digital access, where users or systems touch a licensed product through an intermediary application and the publisher claims those touches require licensing. As of mid 2025, SAP pursued AB InBev for a reported 600 million dollars and Diageo for a reported 60 million in disputes tied to indirect and inherited licensing, which shows the scale these two drivers can reach. Treat both as priority lines in any on premises diligence.
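The effective license position and the virtualisation driver described above, as an added example that is not part of the original page: it compares entitled cores with cores measured from a host inventory, counting both the hosts a workload runs on and every host in its cluster. The inventory, product names, entitlement figures, and the use of the cluster as the scope boundary are constructed assumptions; no publisher core factors or minimums are applied.

```python
from collections import defaultdict

# Constructed sample inventory (assumption, not data from the page).
HOSTS = {  # host -> (cluster, physical cores)
    "esx01": ("prod-a", 32), "esx02": ("prod-a", 32), "esx03": ("prod-a", 32),
    "esx04": ("prod-b", 16), "esx05": ("prod-b", 16),
}
VMS = [  # (vm, host it currently runs on, licensed product installed)
    ("db-vm-1", "esx01", "database"),
    ("db-vm-2", "esx99", "database"),    # host missing from the inventory
    ("app-vm-1", "esx04", "middleware"),
]
ENTITLED_CORES = {"database": 32, "middleware": 32}  # from order forms (constructed)


def license_position(hosts, vms, entitled):
    """Per product: entitled cores vs cores it runs on vs cores it could run on."""
    cluster_cores = defaultdict(int)
    for cluster, cores in hosts.values():
        cluster_cores[cluster] += cores

    running = defaultdict(set)      # product -> hosts it runs on today
    clusters = defaultdict(set)     # product -> clusters those hosts belong to
    unmeasured = defaultdict(list)  # product -> VMs whose host was never inventoried
    for vm, host, product in vms:
        if host not in hosts:
            unmeasured[product].append(vm)  # a gap in the evidence, not zero cores
            continue
        running[product].add(host)
        clusters[product].add(hosts[host][0])

    position = {}
    for product, owned in entitled.items():
        run = sum(hosts[h][1] for h in running[product])
        scope = sum(cluster_cores[c] for c in clusters[product])
        position[product] = {
            "entitled": owned,
            "running": run,                      # cores the workload does run on
            "in_scope": scope,                   # every core it could run on
            "gap_running": max(0, run - owned),
            "gap_in_scope": max(0, scope - owned),
            "unmeasured_vms": unmeasured[product],
        }
    return position


if __name__ == "__main__":
    for product, row in license_position(HOSTS, VMS, ENTITLED_CORES).items():
        print(product, row)
```

In the sample, the database looks compliant on the cores it runs on but shows a 64 core gap once the whole cluster is counted, and the VM on an uninventoried host is reported separately rather than silently counted as zero.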

Account for deal structure in the on premises position

Deal structure decides which contractual terms apply to the inherited estate. A stock purchase carries the existing agreements and their liabilities across unchanged, so any under licensing follows the target into the portfolio. An asset purchase or carve out can trigger anti assignment and change of control consent, which can mean a renegotiation or a fresh license at current pricing. The on premises position should state, per publisher, whether the chosen structure improves or worsens the exposure, so the deal team can decide whether to price it, escrow against it, or make remediation a condition of close.

From exposure number to deal action

An on premises position is only useful if it converts into a decision. Present each publisher exposure as a low, expected, and high range: the cost to cure quietly, the likely negotiated settlement, and the worst case at list price plus back maintenance. Name the probable audit window after close. Then recommend the lever, whether a price adjustment, a specific indemnity, an escrow, or a closing condition. That is how the work in the software due diligence report turns a technical finding into a commercial outcome.

Recommendations for buyers

  1. Measure deployment from the estate itself, not the target's asset register. Server, processor, and directory data is the evidence a publisher will use.
  2. Prioritise virtualisation scope and indirect access for Oracle and SAP. These two drivers produce the largest settlements.
  3. Build an effective license position per publisher and express each exposure as a low, expected, and high range.
  4. Tie the number to deal structure and recommend a concrete lever before signing, then hand the position to the reconciliation team for day one.

Reconstruct the entitlement history, not just the current contract

On premises entitlement is cumulative. A target accumulates licenses over years through purchases, upgrades, migrations, and the agreements it inherited from its own past acquisitions. The current contract is only the latest layer, and reading it alone can both overstate and understate what the target actually owns. The diligence has to reconstruct the entitlement history: the original order forms, the upgrade and migration paths, and any licenses that came in through earlier deals. This matters because a publisher in an audit will hold the target to the full documented history, and a buyer that has only seen the latest renewal cannot tell whether an apparent shortfall is real or simply unrecorded. Reconstructing the history is slow work, but it is the difference between an entitlement number the buyer can defend and one that collapses on first challenge.

Watch the maintenance and support trap

On premises licensing carries a recurring maintenance cost that behaves in ways a buyer should understand before close. Lapsed maintenance can mean a publisher demands back support and reinstatement fees before it will sell the cure for an under licensing gap, which raises the cost to cure sharply. Maintenance also tends to be billed on the original license quantity, so a target that reduced its deployment may still be paying support on licenses it no longer uses, a recoverable saving. And maintenance contracts can carry their own change of control and assignment terms. The diligence should map maintenance alongside licensing, because the support line is often where the on premises estate quietly leaks cost and where a publisher finds its leverage in a dispute.

Why independence matters on premises

An on premises position built by a reseller or a publisher aligned firm carries a conflict, because the party measuring the gap also profits from selling the cure. An independent, buyer side advisor measures the estate without that incentive and presents a number the deal team can underwrite. That neutrality is what makes an on premises position credible to an investment committee and durable into post close reconciliation.

Independent and buyer side. We act only for the acquirer. We hold no affiliation with any software publisher or reseller and are paid solely by you. This page is commercial and licensing guidance, not legal advice. Confirm any contractual interpretation with your own counsel.

Frequently asked questions

What is software due diligence for on premises estates?

It is the work of measuring a target's perpetual software estate against its entitlements to find under licensing before close. It builds an effective license position per publisher, comparing what is owned against what is actually deployed on cores, users, options, and indirect access.

Why do on premises estates carry hidden exposure?

Perpetual licensing is metered against metrics that drift silently out of compliance, such as virtualisation scope, named user counts, enabled options, and indirect access. None appear on the maintenance invoice, so standard IT diligence walks past them.

What is an effective license position?

A publisher by publisher comparison of entitlement against actual deployment. Entitlement comes from order forms and license keys; deployment is measured from server, processor, and directory data. The difference is the exposure, expressed as a number.

Which publishers drive on premises audit risk?

Oracle, SAP, Microsoft, and IBM, with Broadcom increasingly active through VMware. They run mature compliance functions and treat a change of ownership as a prompt to review an account, where acquired entities are soft targets.

Why are virtualisation and indirect access so important?

They produce the largest settlements. Virtualisation can pull every physical core in a cluster into scope, and indirect access can require licensing for users who touch a product through another system. As of mid 2025 SAP pursued AB InBev for a reported 600 million dollars over disputes tied to these issues.

Does deal structure affect on premises licensing?

Yes. A stock purchase carries the agreements and liabilities across unchanged. An asset purchase or carve out can trigger anti assignment and change of control consent, which can mean renegotiation or a fresh license at current pricing.
