Dec 04, 2019

Two Simple Steps to Beat the Oracle Shock & Audit

Software license audits are a huge revenue source for Oracle. After they request your software compliance audit data, and after you submit it, Oracle will present you with the highest possible non-compliance number. This number, however, overlooks your entitlement and assumes any gray areas indicate non-compliance.

Two Simple Steps to Beat the Oracle Shock & Audit | Aspera Blog

Here’s your most important piece of Oracle license management advice: don’t dance to Oracle’s tune by negotiating from Oracle’s high number. Instead, start negotiating from a lower, more accurate number that takes your entitlements into account and clears up those gray areas.

Here are two crucial steps you should take to reach that fairer Oracle software license audit number.

1. Find Your Oracle Installations

Let’s journey into your Oracle estate. In some cases, you need a license for what’s been installed, even if it’s unused. In other cases, it’s the usage that matters. But it all starts with installations, so you must find them all first, then track their usage.

Oracle will request that you run their proprietary LMS scripts. We recommend using an Oracle-verified discovery & inventory tool. Aspera’s LicenseControl for Oracle uses Oracle-verified data, but there are others out there. Whatever you choose – a competitor solution, spreadsheets, rocks – here are a few items that you should be wary of on your inventory and discovery list:

• Editions & Packs & Options

Oracle products come in editions, like Enterprise or Standard Edition. Each edition has features, packs, and options that you’re entitled to use, if you’ve paid for its corresponding edition. Every feature, pack, and option is usually installed, even if you have a Standard edition. So, tracking installations and usage is important, especially accidental activations of expensive features, which will be important in the next step.

• Named User Plus (NUP)

This metric is based on users and devices that connect directly or indirectly to the Oracle database. User minimums apply to different database editions, which you must purchase. For example, an Enterprise Edition has a 25 NUP minimum. Good discovery will show what databases you have and which databases your NUPs are accessing. That reveals your license needs for those databases.

• Processor Licenses

CPUs are easier to track and maintain than NUP licenses and more cost-effective when your user count is high. The simplicity ends there… Sorry. To determine your license needs, you must count the number of cores in all your CPUs, then multiply it by the core factor for that configuration. For example, the Sun/Fujitsu UltraSPARC T1 processor has a core factor of 0.25, which you multiply with the number of those cores, which gives you the required license amount. Math!

• Virtualization

Virtualization, front-end user multiplexing, and cloud computing make tracking users, CPUs, and other compliance metrics a challenge. If Oracle is used in a virtual environment, in many cases, you must count all the virtual machines with their physical host. Remember: from a licensing point of view, each virtual machine should have the same number of cores as its corresponding full physical server.

AUDIT TIP: Multiplexing - Indirect Access for Oracle

Discover every application connected to an Oracle database and every user of those applications. Then either:

a) License all direct and indirect users of Oracle applications (because in this case, Oracle demands licenses for potential use, not actual use).

b) Look closely at external web applications. Should they be covered by Processor or NUP licenses? Probably Processor licenses, which can cover an unlimited number of users at a premium price. Otherwise, if they’re left unlicensed, Oracle might demand Named User Plus licenses on the millions of people who could access that web application, and the Oracle database on its back end, which is far less affordable.

Get more Oracle audit tips >>

2. Find Your Oracle Compliance

Now that you’ve discovered your Oracle installations and usage, it’s time to compare them to find gaps in your Oracle compliance. This is where understanding your obligations to Oracle is critical. And this is where detailed, granular data about your Oracle environment helps, which is why we recommend an Oracle-verified tool over Oracle’s scripts.

You might be able to inventory all your Oracle assets with standard discovery tools and spreadsheets, but they will leave gaps and you won’t be able to confidently determine compliance. If you miss gaps in compliance, then Oracle will happily find them for you and show you with an invoice.

Let’s review some compliance risks:

• Editions & Packs & Options:

Each edition’s features, packs, and options are installed but don’t have to be licensed if they’re not used – you pay for them when you activate them. It’s tricky because since everything is installed, they’re easy to activate. Activating Enterprise Edition features when you’re licensed for a Standard Edition means you will have to pay for using an Enterprise Edition. Yet there’s no easy fix. It can be complicated to block the activation of options, so constant vigilance of your usage is required.

AUDIT TIP: Know your Activations

A good Oracle license management tool will keep you compliant by alerting you when features, packs, or options are activated and determining why they were activated. This helps differentiate accidental activations from incidental ones. Then in an audit, you can prove they haven’t been used to avoid additional license fees.

Get more Oracle audit tips >>

• Named User Plus

You’ve counted your minimum NUPs per edition. Now the next step is finding the Oracle servers your NUPs are accessing, because they must be licensed. There are legitimate accesses and accidental accesses, and Oracle doesn’t make a distinction between the two. Making that distinction on your own – an accidental access is usually a one-time thing – and correcting it is the difference between compliance and a big license bill.

• Processor Licenses

Even if they’re not running, count all the servers on which an Oracle product is installed. You still need a license for them because, in this case, it’s the potential for use that is licensed instead of straight-up use. Take the core factor into account too. An Oracle-verified discovery tool will go beyond counting your core factors – it can show CPU status, so you can spot unlicensed cores.

• Virtualization

If you have a virtual machine running on a host server, how many licenses will it need? In Oracle’s eyes, not all virtual machines are equal. Depending on your virtual machine provider, you will have to partition your servers differently, which means licensing is different, which means the amount you pay is different.

Know your virtual machine providers and how they must be partitioned according to the Oracle Partition Policy. Even though that policy is a non-binding document, Oracle will try to hold you to it, which could mean a virtual headache in an audit.

And that’s what Oracle compliance feels like

You gathered and analyzed your entire Oracle estate. You’re so complaint it hurts. You could stop now, put your feet up, and submit your data when audit time rolls around. Or you can use that information to find some real cost-savings in your Oracle estate using Oracle license optimization.

Want more helpful tips to beat Oracle’s shock and audit? Download Aspera’s easy-to-read Oracle Audit Playbook.

Get it now >>



Topics: Audit Defense, Oracle