There’s actually quite a bit of information on the internet about the complexity in managing the technology licenses you purchase (and don’t purchase) from Oracle. This has been a problem for many versions, and is still a problem in the current version. Here are some examples:
In these articles the following patterns start emerging:
- Installing Oracle software enables extra cost “licensable” features that you may or may not be entitled to.
- Some of these features can be disabled. Others cannot be disabled by any method in the Oracle documentation.
- Regardless, Oracle databases track “usage” of all of these components in audit tables in the database.
- If Oracle audits your company for license compliance, data in the database audit tables will be used as evidence and may make your company liable for compliance
I don’t really want to debate Oracle’s intentions with these practices, or whether or not they’d actually compromise their relationship with their clients to pursue accidental use revenue. Oracle is a sophisticated organization and I think it’s safe to assume this behavior is deliberate and is designed for their own benefit. At best, these practices represent a risk for Oracle’s customers that need to be mitigated.
So if you are going to purchase and deploy Oracle software – and you almost certainly will given Oracle’s acquisition record – you need to take steps to protect your company from potential license compliance issues down the road.
To be fair the items I’m outlining here make sense when you license and deploy enterprise software from any vendor. But I’m picking on Oracle because I believe managing deployment of Oracle licenses is possibly the most complex challenge of its kind in the industry and it deserves special attention.
Before we go any further I need to put out the standard disclaimer. I am not a lawyer nor an Oracle licensing expert and I am not an authority on these topics. Do not take anything in this article at face value. Validate everything with your own experts. Hire your own consultants and attorneys who specialize in Oracle products and Oracle negotiation to help you through the process..
Now that that’s out of the way let’s get started. The areas I think you should focus on are:
- Initial contract negotiations
- Implementing an IT license tracking solution
- Create a compliance process that involves your strategic sourcing team and the technology folks who work with the products.
Reducing Compliance Risk Starts With The Contract.
Once you select a set of products that you want to purchase from Oracle, the negotiations start. Oracle typically extends relatively large discounts off the software list price (I’ve seen 50%-95% depending on the size of the deal). While that may seem like a lot and I agree it is very important, here are some other things besides price that are equally important to negotiate for:
- Oracle changes the terms of their licensing from time to time. This will not be to your benefit. Be sure to negotiate contract terms that lock in specific license metric definitions and license terms. And be sure to include language that protects you from the “click-through” agreements.
- Along the same lines, be sure to create a Master Services Agreement that will cover future purchases so that you don’t have to re-negotiate these terms with each incremental purchase.
- Don’t allow Oracle to audit your company for license compliance. In my opinion they shouldn’t have the right to show up and audit you unless they have evidence that you are out of compliance. Be sure to negotiate these terms carefully because it could save you from a ton of trouble later.
- Do include language that states if licensable components are installed without a specific notification in the installation program or in the software itself to inform someone that they are being installed then your company is not liable for any usage.
- Do not agree to use Oracle’s scripts that will crawl your servers and detect usage. Agree to provide this information from your own tracking system.
Deploy a License Tracking System
OK so hopefully you’ll start out with a contract that protects you from things like accidental deployments and random audit demands. The next layer of protection involves a system that can keep track of all of this for you so that you can assess your compliance at regular intervals and take the appropriate actions.
It is very difficult to track deployments and usages of every licensable component of the Oracle technology stack. Some of the links I mention above highlight the difficulty just within Oracle’s database products. And the problem grows when you start licensing other components of Oracle’s technology stack like SOA Suite, WebLogic Suite, Essbase, Coherence, etc.
The solution to this is to deploy a system to keep track of where software is deployed. I highly recommend you purchase and use an Software Asset Management Solution that has functionality to detect Oracle software specifically. Flexera is one such tool. Be sure to spend the time to test it’s effectiveness and to create the reports that you need to manage your compliance process. Leverage your technology team (ie DBA’s and admins) for the testing because they’ll understand how the software is installed, how it’s used, and will really get engaged when extra use features start popping up with usage when they’ve done everything in their power to stop them.
Your Compliance Process
OK so hopefully you have a contract that will protect you from the worst aspects of Oracle’s licensing practices, and you have a system that will track Oracle software usage. Even with all of that, you will not be successful if the folks maintaining your technology stack are unaware of what you’re licensed to use (and what you’re not), and how to keep from invoking accidental usage.
So here are some things to consider to take your compliance process the last mile:
- Designate a License Czar that will be the single point of contact in your organization for licensing matters.
- Limit the installation of new Oracle software to a core set of knowledgeable folks.
- Create a process whereby no one installs new software without approval, and license availability is checked up front and license use is logged. Include a process to detect when licenses are freed up by uninstalling or server decommissioning so they can be added to the pool of available licenses.
- Review your license reports on a regular basis and compare utilization against expectations. Follow up on discrepancies. Do this often enough to catch problems before they get deployed to production. Scan new installs immediately after install.
- Create a training class that covers topics like what Oracle licenses the company owns, how to install the products in a compliant manner, how to unlink or remove unlicensed features where possible, what features cannot be removed and how to avoid using them, and who in your company can answer questions about licensing.
- Make the training class mandatory before any employee or contractor gets access to your environment
One thing I might mention here: Folks should know not to ask Oracle directly about licensing questions. That’s kind of like asking the police for advice about your brother’s pot in the glove compartment. Also, no one in the technology team should respond to Requests for Information from Oracle. License questions and RFI’s should filter up to a single point of contact in your organization who’s the resident expert for all things licensing and who is authorized to engage Oracle regarding contractual matters.
This might be my first blog post that didn’t primarily target technical people. Since those are probably the only people who WILL read it let me say this: If you’re a DBA, Admin or Developer working with Oracle software, you need to be aware that in addition to the zillion other things you’re expected to do you also need to pay attention to license compliance. But also realize that you’re not in this alone and this isn’t entirely a technical problem. When questions or concerns come up work with the powers that be to get the right level of attention brought to the table. Your project manager might not appreciate it at first but I guarantee your executive management team will.
Hopefully if you take these steps you’ll insure a healthy relationship with all of your software providers including Oracle for many years. Oracle has some of the best enterprise software in the business, and you shouldn’t be afraid to use it. Just be aware that using Oracle software means you have to manage the license assets you purchase in a sophisticated manner.