There's actually quite a bit of information on the internet about the complexity in managing the technology licenses you purchase (and don't purchase) from Oracle. This has been a problem for many versions, and is still a problem in the current version. Here are some examples:
In these articles the following patterns start emerging:
Installing Oracle software enables extra cost "licensable" features that you may or may not be entitled to.
Some of these features can be disabled. Others cannot be disabled by any method in the Oracle documentation.
Regardless, Oracle databases track "usage" of all of these components in audit tables in the database.
If Oracle audits your company for license compliance, data in the database audit tables will be used as evidence and may make your company liable for compliance
I don't really want to debate Oracle's intentions with these practices, or whether or not they'd actually compromise their relationship with their clients to pursue accidental use revenue. Oracle is a sophisticated organization and I think it's safe to assume this behavior is deliberate and is designed for their own benefit. At best, these practices represent a risk for Oracle's customers that need to be mitigated.
So if you are going to purchase and deploy Oracle software - and you almost certainly will given Oracle's acquisition record - you need to take steps to protect your company from potential license compliance issues down the road.
To be fair the items I'm outlining here make sense when you license and deploy enterprise software from any vendor. But I'm picking on Oracle because I believe managing deployment of Oracle licenses is possibly the most complex challenge of its kind in the industry and it deserves special attention.
Before we go any further I need to put out the standard disclaimer. I am not a lawyer nor an Oracle licensing expert and I am not an authority on these topics. Do not take anything in this article at face value. Validate everything with your own experts. Hire your own consultants and attorneys who specialize in Oracle products and Oracle negotiation to help you through the process..
Now that that's out of the way let's get started. The areas I think you should focus on are:
Initial contract negotiations
Implementing an IT license tracking solution
Create a compliance process that involves your strategic sourcing team and the technology folks who work with the products.
Reducing Compliance Risk Starts With The Contract.
Once you select a set of products that you want to purchase from Oracle, the negotiations start. Oracle typically extends relatively large discounts off the software list price (I've seen 50%-95% depending on the size of the deal). While that may seem like a lot and I agree it is very important, here are some other things besides price that are equally important to negotiate for:
Oracle changes the terms of their licensing from time to time. This will not be to your benefit. Be sure to negotiate contract terms that lock in specific license metric definitions and license terms. And be sure to include language that protects you from the "click-through" agreements.
Along the same lines, be sure to create a Master Services Agreement that will cover future purchases so that you don't have to re-negotiate these terms with each incremental purchase.
Don't allow Oracle to audit your company for license compliance. In my opinion they shouldn't have the right to show up and audit you unless they have evidence that you are out of compliance. Be sure to negotiate these terms carefully because it could save you from a ton of trouble later.
Do include language that states if licensable components are installed without a specific notification in the installation program or in the software itself to inform someone that they are being installed then your company is not liable for any usage.
Do not agree to use Oracle's scripts that will crawl your servers and detect usage. Agree to provide this information from your own tracking system.
Deploy a License Tracking System
OK so hopefully you'll start out with a contract that protects you from things like accidental deployments and random audit demands. The next layer of protection involves a system that can keep track of all of this for you soRead More...