RE: Accidental Use of Oracle Active Data Guard

From: Dimensional DBA <>
Date: Mon, 8 Feb 2016 18:04:04 -0800
Message-ID: <025501d162de$279b5c90$76d215b0$>

Don’t answer this question to the list, but you need to think about why is a licenses audit being performed? Normally a license audit is only performed when it is believed you are in violation your licenses, such as turning on the OEM push back of data to Oracle Support for your databases, uploading files you provided during a recent SR, Talking to Oracle sales folks about what you are doing in your company including using products that they know are unlicensed, your company is in negotiation to reduce licensing cost or there is some other negotiation going on.  

For you, it would have been helpful to ask for the list’s support the moment your company was given notice that Oracle was demanding a license audit. We could have helped you in advance and eliminated the foreboding you are feeling .  

For now, you need to take a moment and breathe.

Once a license audit has started things are out of your hands and normally in the hands of Chief Legal Counsel and the CFO (sometimes the CIO) of your company.  

Having done licenses audits when I worked for Oracle Consulting, companies I have worked for (second thing I do normally starting with a company) and now in my own consultancy, what is being looked for normally relates back to that question up above. It really depends on the skill of the Oracle consulting person sent as to what breadth your audit will take as there is no training course in Oracle Consulting on how to do a license audit and there is nothing in the contract that determines how a license audit will be performed from a technical basis.  

Some pointers during the license audit

  1. Your technical personnel should not be talking to the auditor, including not going to lunch with them. Only a management level person normally part of the Legal or Finance team if not the Chief Legal Counsel or the CFO themselves, who will relate to the technical team what is needed from them for the audit to be performed.
  2. Your team should only provide Oracle what is required. You do not have to fulfill all requests from Oracle as they normally overreach in their requests. Your upper management will help with that decision.
  3. They should not have to have direct access to your servers if you provide a person to run the commands. Normally technical person is accompanied by lower management level person to ensure the conversation is only run this command and put output here, instead of the broader questions Oracle Consulting will want to ask.

You can send me a private email and I can provide you with a list of things to check for in unconventional places to verify license compliance.  

As to your question of defense, having worked for a variety of Chief Legal Counsels, some of who were previous prosecutors, you again need to breathe.

The defense can be impeded by the answer to the first question, but if your license snafu is a single database server and a human has made a mistake, the defense is simple and your Chief Legal Counsel will deal with it.

If this is one of a variety of license violations then the defense gets more complicated, versus it is single error committed on a single server or across the whole fleet. Single error type versus multiple error types.  

I have worked with Oracle Sales on a variety of license issues, but normally I am telling them when an issue occurred instead of them finding something in a licenses audit. There are a variety of things that you can do to help your Chief Legal Counsel which includes gathering up your logging information listener.logs and alert.logs on your databases before they roll off and interpreting the data for them.  

Some examples of license violations I have encountered.

  1. Those new server replacements had twice the cores as the previous servers and the DBA team and management was oblivious to that when the upgrades were done. This basically was a 32 core addition that including EE Edition, RAC, Partitioning, ASO, Management packs etc. It took a couple of weeks to get back into license compliance.
  2. A standby or primary server crashed and another server was pressed into service to maintain HA and the other server actually had a higher core count than the previous server.
  3. Databases were flipped off of servers to new servers and the previous servers were never deprecated or used again, but the Oracle SW was still installed.
  4. A set of test servers utilized production licensing for testing, then when the production servers were built, someone forgot to turn off the servers with still running databases in test.
  5. A UNIX/Linux admin mistakenly put the deployment line in Chef/Puppet code and deployed Oracle SW to the fleet left there until I did a license audit.
  6. A UNIX/Linux admin moved multiple physical servers to a VM Ware servers and spread the databases across the entire physical server fleet, which took 2 months to shuffle things around and condense the Oracle part of the fleet onto a smaller number of physical VM Ware hosts.

Matthew Parker

Chief Technologist

Dimensional DBA

425-891-7934 (cell)

D&B 047931344


 <> View Matthew Parker's profile on LinkedIn  

From: [] On Behalf Of Michael Cunningham Sent: Monday, February 08, 2016 5:01 PM
To: Andrew Kerber
Cc: oracle-l_at_freelists org
Subject: Re: Accidental Use of Oracle Active Data Guard  

Thanks Andrew.

On Feb 8, 2016 4:42 PM, "Andrew Kerber" <> wrote:

Contact house of brick technologies. They have done quite a bit of work with oracle audit defense.

Sent from my iPad

On Feb 8, 2016, at 5:37 PM, Michael Cunningham <> wrote:

Hello all, we have an Oracle audit going on and we are being told we are going to get charged for using Active Data Guard.  

Has anyone been successful in working with Oracle to have them realize these were unintentional and not deliberate?  

Technically the feature was enabled, but it was by accident and incorrect configuration of srvctl. As it happens, we had one standby database configured with db_startoption=open, and the other standby database with db_startoption=read only.  

The first was as a result of requiring a "failover" to physical standby and we missed setting the db_startoption=mount when we rebuilt the standby on the server that used to be primary.  

Each of the problems have been corrected, but Oracle is working on a bill and I'm looking for some advice from the group.  


Michael Cunningham

Received on Tue Feb 09 2016 - 03:04:04 CET

Original text of this message