Re: Accidental Use of Oracle Active Data Guard

From: Michael Cunningham <napacunningham_at_gmail.com>
Date: Mon, 8 Feb 2016 18:18:21 -0800
Message-ID: <CAPt39tu1sfpa9DoMG8xgtV0oJjdk2P2cUZVVis78UfdvV1GWZA_at_mail.gmail.com>

Thanks to Matthew and Kathy for the additional input.

On Mon, Feb 8, 2016 at 6:04 PM, Dimensional DBA <dimensional.dba_at_comcast.net
> wrote:

> Don’t answer this question to the list, but you need to think about why
> is a licenses audit being performed? Normally a license audit is only
> performed when it is believed you are in violation your licenses, such as
> turning on the OEM push back of data to Oracle Support for your databases,
> uploading files you provided during a recent SR, Talking to Oracle sales
> folks about what you are doing in your company including using products
> that they know are unlicensed, your company is in negotiation to reduce
> licensing cost or there is some other negotiation going on.
>
>
>
> For you, it would have been helpful to ask for the list’s support the
> moment your company was given notice that Oracle was demanding a license
> audit. We could have helped you in advance and eliminated the foreboding
> you are feeling .
>
>
>
> For now, you need to take a moment and breathe.
>
> Once a license audit has started things are out of your hands and normally
> in the hands of Chief Legal Counsel and the CFO (sometimes the CIO) of your
> company.
>
>
>
> Having done licenses audits when I worked for Oracle Consulting, companies
> I have worked for (second thing I do normally starting with a company) and
> now in my own consultancy, what is being looked for normally relates back
> to that question up above. It really depends on the skill of the Oracle
> consulting person sent as to what breadth your audit will take as there is
> no training course in Oracle Consulting on how to do a license audit and
> there is nothing in the contract that determines how a license audit will
> be performed from a technical basis.
>
>
>
> Some pointers during the license audit
>
> 1. Your technical personnel should not be talking to the auditor,
> including not going to lunch with them. Only a management level person
> normally part of the Legal or Finance team if not the Chief Legal Counsel
> or the CFO themselves, who will relate to the technical team what is needed
> from them for the audit to be performed.
>
> 2. Your team should only provide Oracle what is required. You do
> not have to fulfill all requests from Oracle as they normally overreach in
> their requests. Your upper management will help with that decision.
>
> 3. They should not have to have direct access to your servers if
> you provide a person to run the commands. Normally technical person is
> accompanied by lower management level person to ensure the conversation is
> only run this command and put output here, instead of the broader questions
> Oracle Consulting will want to ask.
>
>
>
> You can send me a private email and I can provide you with a list of
> things to check for in unconventional places to verify license compliance.
>
>
>
> As to your question of defense, having worked for a variety of Chief Legal
> Counsels, some of who were previous prosecutors, you again need to
> breathe.
>
> The defense can be impeded by the answer to the first question, but if
> your license snafu is a single database server and a human has made a
> mistake, the defense is simple and your Chief Legal Counsel will deal with
> it.
>
> If this is one of a variety of license violations then the defense gets
> more complicated, versus it is single error committed on a single server or
> across the whole fleet. Single error type versus multiple error types.
>
>
>
> I have worked with Oracle Sales on a variety of license issues, but
> normally I am telling them when an issue occurred instead of them finding
> something in a licenses audit. There are a variety of things that you can
> do to help your Chief Legal Counsel which includes gathering up your
> logging information listener.logs and alert.logs on your databases before
> they roll off and interpreting the data for them.
>
>
>
> Some examples of license violations I have encountered.
>
> 1. Those new server replacements had twice the cores as the
> previous servers and the DBA team and management was oblivious to that when
> the upgrades were done. This basically was a 32 core addition that
> including EE Edition, RAC, Partitioning, ASO, Management packs etc. It took
> a couple of weeks to get back into license compliance.
>
> 2. A standby or primary server crashed and another server was
> pressed into service to maintain HA and the other server actually had a
> higher core count than the previous server.
>
> 3. Databases were flipped off of servers to new servers and the
> previous servers were never deprecated or used again, but the Oracle SW was
> still installed.
>
> 4. A set of test servers utilized production licensing for testing,
> then when the production servers were built, someone forgot to turn off the
> servers with still running databases in test.
>
> 5. A UNIX/Linux admin mistakenly put the deployment line in
> Chef/Puppet code and deployed Oracle SW to the fleet left there until I did
> a license audit.
>
> 6. A UNIX/Linux admin moved multiple physical servers to a VM Ware
> servers and spread the databases across the entire physical server fleet,
> which took 2 months to shuffle things around and condense the Oracle part
> of the fleet onto a smaller number of physical VM Ware hosts.
>
>
>
>
>
>
>
> *Matthew Parker*
>
> *Chief Technologist*
>
> *Dimensional DBA*
>
> *425-891-7934 <425-891-7934> (cell)*
>
> *D&B *047931344
>
> *CAGE *7J5S7
>
> *Dimensional.dba_at_comcast.net <Dimensional.dba_at_comcast.net>*
>
> *View Matthew Parker's profile on LinkedIn*
> <http://www.linkedin.com/pub/matthew-parker/6/51b/944/>
>
>
>
> *From:* oracle-l-bounce_at_freelists.org [mailto:
> oracle-l-bounce_at_freelists.org] *On Behalf Of *Michael Cunningham
> *Sent:* Monday, February 08, 2016 5:01 PM
> *To:* Andrew Kerber
> *Cc:* oracle-l_at_freelists org
> *Subject:* Re: Accidental Use of Oracle Active Data Guard
>
>
>
> Thanks Andrew.
>
> On Feb 8, 2016 4:42 PM, "Andrew Kerber" <andrew.kerber_at_gmail.com> wrote:
>
> Contact house of brick technologies. They have done quite a bit of work
> with oracle audit defense.
>
> Sent from my iPad
>
>
> On Feb 8, 2016, at 5:37 PM, Michael Cunningham <napacunningham_at_gmail.com>
> wrote:
>
> Hello all, we have an Oracle audit going on and we are being told we are
> going to get charged for using Active Data Guard.
>
>
>
> Has anyone been successful in working with Oracle to have them realize
> these were unintentional and not deliberate?
>
>
>
> Technically the feature was enabled, but it was by accident and incorrect
> configuration of srvctl. As it happens, we had one standby database
> configured with db_startoption=open, and the other standby database with db_startoption=read
> only.
>
>
>
> The first was as a result of requiring a "failover" to physical standby
> and we missed setting the db_startoption=mount when we rebuilt the
> standby on the server that used to be primary.
>
>
>
> Each of the problems have been corrected, but Oracle is working on a bill
> and I'm looking for some advice from the group.
>
>
>
> --
>
> Michael Cunningham
>
>

-- 
Michael Cunningham

--
http://www.freelists.org/webpage/oracle-l

Received on Tue Feb 09 2016 - 03:18:21 CET

This message: [ Message body ]
Next message: Nagaraj S: "Re: OEM Database Target Host"
Previous message: Dimensional DBA: "RE: Accidental Use of Oracle Active Data Guard"
In reply to: Dimensional DBA: "RE: Accidental Use of Oracle Active Data Guard"
Next in thread: Michael Cunningham: "Re: Accidental Use of Oracle Active Data Guard"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message