The World's Greatest (Licensing) Podcast
The World's Greatest (Licensing) Podcast is a technology-focused podcast hosted by Craig Guarente, President and Founder of Palisade Compliance. From software licensing to emerging innovation, we bring together leading experts to give you the most up-to-date knowledge and expertise around what's happening with technology vendors around the world.
VMware vs Allstate: Progress with the Lawsuit Brought by VMware
A few weeks ago, we first reported on the lawsuit brought by VMware against Allstate over a license audit. In this episode, we look more deeply at the suit, the complaints by VMware, the role of Connor Consulting in the audit, and actions from both sides thus far.
Hear our perspective on this case as licensing experts. There are no cheerleaders – just a clear-eyed breakdown of where each side overplayed its hand and how a smarter audit strategy could have kept this out of court.
Setting The Stage: No Guest, A Lawsuit
SPEAKER_00: Hello everyone. This is Craig Guarente from Palisade Compliance, and your host on today's episode of the World's Greatest Podcast. For those of you who have been with us through our first year, you know we always have a guest on the show. Well, today's going to be a little different. We're not having a guest. We are going to, I guess our guest is going to be a lawsuit. This is a big one that was filed at the end of the year, back in December 2025, where VMware is suing Allstate over a license audit. And did you ever read a book or read a story? And you're just sort of not rooting for anyone in the story. Like everyone is, you know, you're just not happy with any of their performance. Well, that's the story for me, anyway. When I go through and I read the lawsuit that VMware filed against Allstate. You've got VMware. Um, we're gonna talk about you know what's not in the lawsuit. You got Allstate and how they're dealing with it, and then you've got a third party, Connor Consulting. And we've seen Connor both helping customers who are being audited by vendors as well as sitting on the other side and uh helping vendors audit their customers. So wondering sort of uh what those guys are doing here. Um, so I don't know if you want to stick around for a story where you just can't root for anybody, but if you're in the world of software asset management, I think this is a fascinating story on uh how vendors target, how their customers honestly should not respond. And then also um, you know, how these third parties get in there and uh, you know, muddy the waters a little bit and sort of uh, you know, maybe, maybe play both sides. I don't know. Uh, but let's get into it. Uh, for those of you who are watching, you can see the lawsuit on the screen. And for those of you who are listening, uh, you're missing my amazing mug, world's greatest podcast host mug. Uh, but uh you're also missing the lawsuit, but we'll make sure that we uh talk you through it.
So again, this one was filed uh just a few weeks ago in December, and it was filed in the Northern District of California. So it's a federal case, and uh VMware, they want a jury trial, they want to sue Allstate, or they are suing Allstate, and they want to go to trial. So let's go through the facts as they are uh portrayed by VMware. And now remember, this is just one side. So I'm not saying that Allstate did all the things here that VMware is accusing them of, but it's just uh noteworthy that this is what VMware is accusing them of. And Allstate has opportunity to uh reply uh to the lawsuit. I hope they do. I hope this stays public, I hope it uh goes to trial. I want to see what happens. I want to see how uh uh a jury finds in this case. You know, I'm not hopeful that that'll happen. I think that these always settle, uh, but it's uh noteworthy enough, it's newsworthy enough that it actually came to trial because these things uh usually don't. So specifically, what uh VMware is saying is that listen, they breached their contract, they had responsibilities and duties uh to do things and they didn't do it. So we want you, Judge, uh, to to declare that that uh we're right, and we want what's called specific performance. We want not just money from Allstate, but we want them to do certain things so that we know how much to charge them later. And let's talk about that uh in in a little bit. So uh the dates here are really important um in when uh the there's an ELA that Allstate signed and when the audit happened. But basically the agreements uh the master agreement that was signed was back in 2008. So in 2008, um Allstate signed up with VMware. This is of course before big big bad Broadcom bought VMware, uh, back when uh you know there was a lot more love going out to VMware, uh maybe than there is now. Uh and of course, there were audit rights included in that master agreement.
And the interesting thing here, not only, again, according to VMware, I haven't read the contract, but I know uh examples of these, so I'm not uh um not disputing this. Uh VMware says not only do we have the right to audit them, but they need to, for two years from the end of their subscription or from the end of support, they need to maintain records so that we can go back and audit them. So it's not just you have to audit us today, but for two years, even if you stop using our stuff, uh Allstate uh is allegedly obliged to uh keep records available, and that's going to be important in the story a little bit later. Back in 2019, so fast forward 11 years, and Allstate enters a um uh ELA, enterprise license agreement uh with VMware, and that was extended. That was extended amendment number one three years later. So it was a 2019, they signed the original, and 2022 they extended that. And they extended it for another three years to run until July of 2025, so last year. So again, sounds like a couple of three-year agreements here. Now, the interesting thing is, according to VMware, and again, they didn't share the agreements in their complaints, so I don't have uh access to them. Uh Allstate was supposed to provide a report to VMware in uh October of 2022, at the end of the first term of the ELA, so right after they signed the extension or the amendment one, they were supposed to uh provide a report to VMware. And according to VMware, they never did. Interesting thing enough, though, uh, as we go through this lawsuit, um, there's nothing in here that says VMware actually pursued that between uh 2022 and uh 2025. Uh so they it sounds like from VMware's own admission, they just let Allstate not produce the report. And then I think that's really important when we talk about sort of the the normal course of business.
And uh even if Allstate was required to produce that report, if VMware just let them not do it with no consequences, does that have any uh legal implications to their lawsuit? Here, uh, we'll find out. So remember, this extension of this ELA runs until July of 2025. Now, and and here's some stuff here that uh we're gonna go beyond the bounds of this lawsuit. In March, several months before the ELA expires, in March of 2025, VMware issues a formal audit notice to Allstate. You've and it's funny, in their complaint, they say you've been selected for an audit. Uh no, you've been targeted for an audit. And there's a reason why we're auditing you. My guess is, and I'm gonna guess, well, you know what? I'm gonna make you wait for my guess. Um, sorry, you're gonna have to wait for that. Uh, so they they issued this three, four months before the ELA expires. You had to ask that, why would you do that? You have an enterprise license agreement. Um, why would you audit your customer during that term? Again, that's an easy one. Uh, we'll talk about that uh in a few minutes. Now, there are things that software vendors do that just drive me nuts. And this is one of them. According to VMware, this is why I don't like their behavior here, in according to VMware, when they sent the notice of audit, they said, quote, the notice letter further informed Allstate that any changes in Allstate's environment, such as upgrades, decommissions, migrations, made from the date of this letter throughout the license review process must be reported directly and promptly to VMware. End quote, ish there. If my client got a letter from a vendor that said, you can't make any changes without telling us, um, there would be not a nice response that went back to that vendor. Uh, my guess is uh there is nothing in the contract that requ between Allstate and VMware that uh prevents Allstate from making any changes they want and prevents um or requires them to report back to VMware. 
Uh so that's and we'll talk about what uh what I would have done if I was representing Allstate, and we are not representing Allstate, uh, as you can tell, because they're getting sued, and Palisade customers don't get sued. But anyway, so they send this letter uh during the ELA and they say you can't make any changes. I mean, you can make changes, but you have to let us know, right? Um, then there's a series of dates: April 11th, April 16th, May 5th, May 6th, and now insert a third party called Connor Consulting. And Connor Consulting, it's an interesting company because we've competed against them, where they are, you know, talking to customers about uh how to deal with software vendors and sort of helping them manage their software licenses. And now we see them on the other side. So you have to wonder you know, where do Connor Consulting's loyalties lie? Are they on the vendor side? Are they on the consumer of the software side? I don't know. You'll have to ask them. I know Palisade uh works for uh people who use the software and we represent them and not the vendors uh in audits. So Connor's in there, and again, May 6th, May 7th, May 14th, May 22nd, May 29th, June 3rd. I mean, it just goes on and on in terms of all the stuff that VMware claims and how many times Connor uh you know tried to get a hold of them and get them to move forward. Well, fast forward from the issuance of the audit letter, which again was way back on uh March 4th, finally, according to VMware, on September 12th, what is that? April, May, June, July, August, September, six months later, Allstate finally responds to VMware. And their consultants, assuming it's Connor Consulting, saying this audit's over. We have removed all of your stuff, go away. Uh we have no way to run scripts and um nothing to see here. So basically, uh there's no data, there's no access, there's no information. Uh, we have stopped using your stuff. This audit is uh closed. Okay. Uh that's an interesting way to respond.
So according to VMware, it is delay, delay, delay, and then shut everything down. Well, um VMware is like not so fast, not so fast. Um you have an obligation. You have an obligation, contractual obligation, Allstate. You need to keep records for two years. Sorry. So the fact that you got rid of all of it, if you did, in fact, get rid of all of it, uh, and you're not using our stuff anymore, that doesn't relieve you from your obligation to uh help with the audit and make sure that all the money you paid us uh is sufficient, uh, which is interesting because uh they had an enterprise license agreement. So how much more do you want uh while you're in one of those agreements? And um obviously um there was no renewal of that agreement in uh July of 2025. So again, audit letter sent in March, according to VMware, nothing is really happening. There's been uh very little, if any, responses from Allstate. Uh presumably the ELA expires in July, and then uh boom, in sept in October, um Allstate says, uh, yeah, we're not using your stuff. We we turned it all off. Uh so uh VMware is sort of left, is like, well, what do we do? They say they're not using our stuff, they refuse to uh cooperate. We are going to sue you, and we're gonna say that uh you have to provide all that information because we've incurred expenses as VMware, I guess paying you know big dollars to Connor Consulting, but I'm not sure what they did if if there was no back and forth except request a lot of meetings. So I'm not sure what the damages would be there unless Connor has some uh contingency or retainer agreement that costs VMware a lot of money. But uh maybe we'll find that out at uh at trial. Uh so those are the facts as VMware alleges them. Using our stuff, you didn't uh we chose you for an audit, we targeted you for an audit. Uh, you never responded, you didn't give us any information. Now you're saying you turned off our stuff. We have no choice but to sue you.
And um, you know, it's not good faith that you're acting in, and you broke your contract with us. So we want a trial. Uh, we want you to uh give us all the information that we need because uh, you know, there are provisions in the contract that says you have to pay for Connor Consulting if uh it goes above, let's say, 10%, I think it was 10%. Um but there's some things I'd want to talk about here. So a couple things here, a few things that I think are noteworthy about how VMware is doing this, and then a few things that um Allstate could have done differently. So again, I don't I don't think there's no there's no pure purity here. Uh I I'm not happy with uh what I'm reading here from anybody involved. Um so the first thing is again, look at the dates. VMware audited Allstate, presumably a really good customer of VMware's been buying obviously since 2008, at least one ELA that was extended into an amendment uh for second ELA or an extended ELA. Uh so my guess is Allstate has given VMware and Broadcom millions of dollars, but VMware doesn't care. They audit them anyway. Why do you think that is? Well, I'm gonna guess as to why VMware would audit a great customer like Allstate during an enterprise license agreement. And my guess is VMware knew that Allstate was moving away from their stuff. VMware knew that Allstate was not going to renew the ELA. And VMware salespeople were trying any way they could to get leverage to force a renewal and an extension from Allstate. You know, think about it from the software vendor and their sales team's perspective. Uh, if the customer won't call you, if you know they're moving away from your stuff, and if you know they're still using it, what's the downside of auditing them? It's a postage stamp. Now, in this case, um they're paying Connor, but uh, you know, other firms like Oracle, they keep that stuff in-house, so there are no extra fees, those are sunk costs.
Um, so we always say, at least on the Oracle side, what does it cost Oracle to audit you? Well, it used to cost a postage stamp, and I'm dating myself, uh, and then it cost an email. So it um that's my guess, right? This wasn't a random selection of Allstate. This was a targeted attack against Allstate's IT budget. Um, and I'm not saying it was unjustified uh if you think the client is not only moving away from you, but then also uh ripping you off, perhaps, or using your stuff without a license or not paying the right fees for it. Uh you have the right to audit, so you you should if if you think that's what's happening. But I think this is not uh just about protecting IP. I think it's about that renewal. I think it's about changes that Broadcom made to VMware's licensing. Uh, and I think it's about perhaps an unhappy uh uh customer in Allstate moving away from VMware. Well, definitely moving away now. Uh okay, the second thing, so that was number one. Look at those dates. Uh, second thing is, and we talked about this for a couple of seconds, is in 2022, it sounds like Allstate had a requirement to report their usage back to VMware, and nothing happened according to VMware. They never sent that report. But there's nothing in the statement of facts, uh, and you could see all those dates that Connor every week or twice a week they're emailing and connecting with Allstate. Do this, do this, do this, do this. I don't see any of that fact pattern here for 2022. It's not like uh VMware, according to their own admission here, it's not like Allstate missed that report and VMware was like, where is it, where is it, where is it, where is it? It wasn't until 2025. Now VMware's saying, oh, they also forgot that report, right? Oh, let's let's open up the book. It's like you have an argument with your significant other and they start yelling at you for something that happened three years ago. It's like, what? I thought we were through with that.
So who knows uh what happened there? I'd love to see uh if Allstate um comes back and says, those reports aren't really required. We missed all the dates beforehand, and you never said anything. It's just when we didn't want to renew your your stupid ELA that you came back and now you're busting our chops. Um I'm paraphrasing, by the way. I'm sure that language will not be in a brief. Uh so that's the other one. Like that, what happened to that 2022 report? Um, and then uh item number three that I think is real interesting here, and again, I I spoke about it is VMware's initial audit letter to Allstate saying you can't make any changes, or you can make changes, but you have to notify us. I mean, the ball's there, really. I mean, what? If I replace a server or if I move something, or if I'm moving everything I'm doing now, I've got to run by you. Not a chance. Never, ever, ever, ever, ever, ever agree to any of that. And if it's in your contract, get it out because it's just the worst contract language. This is what we call a palisade. Um, I think, again, I'd love to see the agreements, but if I saw uh another vendor like Oracle make that claim, I would say that is some MSU. That's where we make stuff up. And I use the word stuff, it's a family show here. Uh, so I say stuff. So MSU, you can't make any change, you have to run all the changes by us, or at least notify us of the changes. Um nonsense. And then the fourth thing, and again, what is Connor Consulting doing here? Are they an advocate for software users or are they an advocate for software vendors? Or maybe they're trying to be both. You know, somebody asked them. I don't know. Uh, but that's an interesting. Now you've got a third party in the mix. And uh obviously, you know, client talks to third party who talks back to uh who reports back to the vendor. Uh, you know, the third party is not doing an independent review, they're getting paid by VMware uh to audit and target and do things like that.
So, you know, my assumption here is whether it's VMware doing the audit directly or Connor, uh, this is not about finding the ultimate truth. This is about finding leverage to get a customer to do something. That's typically what uh a license audit, I don't care, scratch off the name VMware and Connor, but that's typically how these audits work. Um, if they wanted the ultimate truth, literally both parties would pay for an independent third party to go in and do a review. Uh that's, you know, in maybe perhaps what a court is for. So now a court can decide uh what the ultimate uh truth was here. Okay. I bragged on uh riff ribbed on uh uh VMware a little bit and Connor. But what about Allstate? You know, this is not, at least from these facts here, this is not the pure innocent firm that's like, what me? I had no idea. Um, so Allstate, it's a professional organization and they uh they know what they need to do. And again, I have no idea if anything in this complaint is true or false. I just know it's one side. Uh, but the one side uh portrays I if the facts as alleged in this complaint are in fact true, then I think Allstate did everything wrong in how they responded to VMware. And I would never, ever, ever, as an uh audit buster, as an advocate for my clients against vendors. I would never recommend Allstate do what they did. And number one, ignore. Ignoring notifications, ignoring responses, requests for response. Even if the answer is no, you're not getting it. Just send back some information, send back a response within a reasonable amount of time. It doesn't mean you have to do it the next day, but within a reasonable amount of time, think about your response, craft the response, make it truthful and accurate. And sometimes the answer is no, right? Sometimes we ask Santa Claus for things, and sometimes the answer is no. They they always answer, it's just no. So respond. Respond appropriately. Another thing is don't let the vendor make stuff up.
Again, if I am Allstate and I get a letter from a vendor that says we're going to audit you, and you need to uh notify us of any changes that you make. I mean, that's a three-month negotiation right there. If you want time on how to deal with a vendor, you just start picking apart their letter, right? If I had a vendor, because what's VMware gonna say? Oh, you're right, you don't have to notify us of anything. No, they're gonna they they've put their flag in the ground uh and they're gonna have that battle. So have that battle. You know, where does it say in my contract that I need to do that? Uh and it probably doesn't. Again, if VMware wants and Allstate want me to send that, I'll be the decider here. I'll be the ultimate truth decider. They can send it to me. So uh don't let um don't let VMware uh make stuff up. Now I'm not saying VMware is a bully here, but I do know software vendors in general like to bully their con their customers when it comes to audits. And I said they make stuff up. And one of the best ways to deal with the bully is to punch them in the face. Yes, I know I'm old and I say that, and it's probably not the right thing to say these days, but that's the quickest way to get them to stop. And the way you punch a software vendor in the face when they're trying to bully you is you respond right to their audit letter and you say, No, we're not doing that, we're not doing that, that's unreasonable. Here's the timeline, here's how we're doing it. Um, and and all of those things. And there's a thousand different ways to uh negotiate the audit process and sort of the audit requirements. Because guess what? If Allstate needs to be reasonable, so does VMware. And just saying you have to notify us with all of the stuff, or you have to run scripts uh or do all that stuff, um, I don't know if if uh Allstate thinks that's reasonable.
We have very reasonable people in this world who believe it is an unreasonable request to take a software vendor's scripts and run them in your production environments, and who the heck knows what could happen? Uh, or to give information to a vendor completely unrelated to the usage of the products. Uh, we see that all the time. Uh again, not saying that uh that happened here. So you got to punch them in the face uh right away and negotiate the heck out of the audit timelines, the audit process, the audit methodology. The goal when you're dealing with a software vendor, you know, they want to make it very easy for you. Just fill out these spreadsheets, just send us some information, I'll be good. And then we're gonna put it in a black box and send it to Connor Consulting, and they'll figure stuff out, and then they'll give you a report at the end. And we're just gonna all uh realize that this is a very good experience. Uh, but that's not what happens. Uh that report comes back, and guess what? You owe millions of dollars to the vendor. Uh, and that's when it gets tense, and that's when it gets uh really contentious uh with the vendor. So, what I recommend uh companies like Allstate do, and any company that's responding with an audit is take all that stress and pressure and confrontation from an audit and move it way up to the beginning of the process. Don't let it sit and linger. Don't just do what the vendor says. And at the end, well, we'll let the vendor tell us if we're we're in compliance. That's nuts. Uh, in this case, it sounds like from what VMware says that Allstate ignored them. And then, you know, maybe VMware was right. If if they in fact thought Allstate was um moving away from their products, maybe Allstate just needed a few more months uh in you know from from March to October to really get rid of those VMware products. Um, so that um that could in fact uh be what happened here. Again, we we won't know for sure. 
Uh now one thing uh to note is we we don't have, or I I'm not reporting yet on any response from from Allstate. Uh so we just have the the one side of it. Uh I'm wondering what happens if Allstate terminates the master agreement with VMware? I wonder if that's an it that's an interesting strategy. If if I was talking to the lawyers here, if I was uh helping Allstate, that's a question I would ask is can we just terminate if you're really not using any of VMware's stuff, can you just turn like terminate the ELA? Because according to VMware, uh they still have a contract together and they and and Allstate has an obligation to maintain uh records for two years. Well, what if that agreement doesn't exist anymore? Now, some things obviously still apply. Like uh you have even though you terminate the agreement, you have to uh keep things confidential. Uh for example, um, you know, if you've if you have payment obligations, uh you haven't paid an invoice or a bill, you can't just terminate the contract and and get out of that. Uh so it'd be interesting to see, and again, we won't know. Like I'd need to read these agreements and then uh you know talk to uh Allstate's counsel as well, see what uh, you know, how they would want to pursue it. But that's that's one of the things given where they are now. Um it's not, I wouldn't recommend that on in March of last year. Uh, but if they called me today and started asking, like, how do we get through this? Uh you know, that might be a question that I would ask. So that is that. That is this really interesting case that talks about how vendors uh target their customers who perhaps are moving away from their products and not signing new ELAs. That's just a guess. How third-party consultants get in there and sort of mix it up and support one side or support the other. Um, that's up to you guys to decide if that's a good business model or not. Not something I would do.
Um, and then you've got the consumer, the the customer here Allstate. And again, there it doesn't sound like they've got clean hands either, right? They uh according to VMware, ignored, ignored, ignored, and then said, ah, we're done. Um, so again, not not the way that I would uh have proceeded. Uh, but none of this is is how I would proceed. And that's uh, I guess uh if you listen to me and sort of work through these, you don't end up in court. Um but uh we'll see where this one goes. Uh we'll see how VMware uh pursues this. Uh we'll see what Allstate does. My guess is we're not gonna go to trial with this, but at least it makes for very interesting reading and it gives any customer of VMware slash Broadcom some food for thought in how you respond to Broadcom and how you respond to VMware. Because obviously uh they've been very aggressive with their clients, uh, read the news, um, and and that will impact your decision on how you uh proceed with them and how you push back. But I think there's tons of ways to push back uh based on this fact pattern, uh, even in putting everything in VMware's favor, uh, looking at it in the best possible light. Uh, there's things that uh Allstate could have done that would have gotten them to the same spot where at the end of the day they're just not using the software. And um, you know, what are you gonna audit if we're not using it? Uh obviously we always recommend customers stay in compliance. So if their agreement ended at the end of July, I would hope that they stopped using it by the end of July. Uh, but that is for the facts to see. So uh we're gonna have more reporting on this. We've got another lawsuit in our next episode. Uh I hope you found this uh interesting. And uh, you know, if you're interested in software licensing, you know, always reach out to us at Palisade Compliance, your audit busters. Uh, we can help you with any of these. And until the next time, we will see you soon on the world's greatest podcast.