Voltage data protection license metrics explained
Voltage came to OpenText through the Micro Focus acquisition, and its data protection products carry their own licensing logic that an audit can read expansively. Voltage license metrics turn on what counts as a protected record, a user, or a transaction, and the finding inflates when those definitions are stretched.
Voltage data protection covers tokenization, format preserving encryption, and related capabilities used to secure sensitive data in motion and at rest. Because these products sit inside data flows rather than on user desktops, their metrics tend to be volume or transaction based, and that makes them sensitive to the same counting problems that affect the rest of the ArcSight and security estate. Most Micro Focus products are governed by Additional License Authorizations, and Voltage entitlements should be read against those authorizations rather than against assumptions carried over from other products.
How Voltage tends to be metered
Voltage license metrics commonly attach to the scale of protected data or the volume of protection operations. Depending on the product and the agreement, that can mean a count of protected records, a transaction or throughput figure, a number of protected data stores, or a user or seat count for administrative tooling. The exact unit lives in the Additional License Authorizations for the specific product, which is why reading the ALAs is the first step in any Voltage defense. Assuming a metric without confirming it against the authorization is how a finding starts from the wrong base.
If a Voltage metric counts protection operations and the measurement folds in retries, test traffic, and operations against the same record at multiple stages, the operation count overstates real protected volume, and the finding inflates against it.
Where a Voltage finding inflates
- Operation and transaction double counting. A single record protected and later accessed can generate multiple operations. Counting each as a distinct licensable event overstates the metric.
- Non production protection. Tokenization and encryption running in test, development, and staging environments can be swept into the production figure even where the agreement scopes the metric to production use.
- Administrative and service identities. Where a metric counts users, service accounts and disabled identities can be counted alongside real administrators, the same trap that affects identity based ArcSight metrics.
- Data store and node counting. Protected data stores that are decommissioned, duplicated for failover, or used only for testing can land on a count built from configuration rather than live operation.
How we defend a Voltage finding
The defense follows the same method we apply across the security estate. We respond by taking over the channel during the seven day notice window. We reconstruct the effective license position by reading the Additional License Authorizations to fix the true metric, then rebuilding the count from real protected volume or real operations rather than from a measurement that captures the largest defensible reading. We rebut by stripping double counted operations, non production protection, and service identities, and by reconciling the corrected figure to the entitlement. We then resolve on the buyer's terms.
The pattern that produces reductions across our engagements applies directly here: identify the contractual unit, remove what should not be on the meter, and reprice to the defensible number. The same discipline that moved our banking ArcSight matter, case file E-03, from a $6.0M finding to a $1.8M settlement works on Voltage metrics because the failure modes are the same: peaks, duplicates, non production traffic, and identities that are not real consumers.
Reading the authorization first
The most important step in a Voltage defense is to confirm the metric against the Additional License Authorizations before accepting any measurement. The authorization defines the unit, the scope, and the capacity terms, and a finding that assumes a different unit is built on the wrong base. During the seven day notice window, route everything through a single controlled channel, preserve your own operation and volume telemetry, and do not concede a metric you have not verified. To bring in a defense team that reads the ALAs with you, open a case.
Why the Micro Focus heritage changes the analysis
Voltage did not originate at OpenText. It arrived through the Micro Focus acquisition that closed in early 2023, and that history matters for licensing because most Micro Focus products are governed by Additional License Authorizations rather than by the OpenText end user license agreement that governs the older ECM line. The practical effect is that a Voltage entitlement has to be read in its own terms. Assumptions carried over from a Documentum or Content Suite agreement do not transfer, and a finding that applies OpenText style reasoning to a product governed by the ALAs may be starting from the wrong framework entirely. The first thing we do in a Voltage engagement is confirm which document governs and then read the metric out of that document, not out of habit.
This also affects how capacity and version entitlements are interpreted. The ALAs frequently define capacity terms, bundling, and version rights in product specific language, and those definitions can expand an entitlement well beyond what a surface reading of the order would suggest. An entitlement that looks small on the order form can be considerably larger once the governing authorization is read in full, which is why entitlement reconstruction so often shrinks a Voltage finding before the counting arguments are even reached.
Sequencing a Voltage defense
The order of operations matters. We confirm the governing document, then fix the metric, then reconstruct the entitlement, and only then test the measurement against it. Running those steps in sequence prevents the common error of arguing about counts before establishing what is being counted and how much was actually licensed. By the time we reach the measurement, we know the unit, the scope, and the full entitlement, and the vendor figure has to survive comparison with all three. Most do not survive intact, because the figure was built to capture the largest defensible reading rather than the most accurate one, and accuracy is precisely what a disciplined reconstruction restores.
Have an ArcSight finding on the table?
Voltage findings come down the same way EPS findings do: confirm the metric, remove what should not be counted, reprice to the defensible figure. We reconstruct the effective license position before any vendor script runs, then challenge the finding line by line. To put a defense team between you and the vendor, open a case or download the ArcSight EPS defense briefing.
Get The Number Down →Related field notes
These notes from the ArcSight and Security audit defense cluster go deeper on the mechanics referenced above, and each links back to the complete OpenText audit defense playbook for 2026.
- Voltage SecureData token and key management licensing
- Voltage SecureMail user counting traps
- NetIQ identity and access license counting traps
- Sentinel event and data volume audit considerations
- ArcSight identity user definitions and consumer counts
If you have received an OpenText or Micro Focus audit notice, the first seven days shape every week that follows. OpenText Audit Defense is an independent, buyer side practice founded in 2020 by former vendor compliance leadership. We have defended more than 200 audits, cut the average finding by 68 percent, and mitigated more than $90M in claims against vendor positions. We do not resell OpenText software and we are not affiliated with OpenText Corporation. To open a case, use the contact form on this site.