How to, Oracle Audit Defense, Oracle Licensing, Oracle License Management. Road map for audits, toolskit
To get this slidedeck contact me on https://redresscompliance.com
2. Oracle License Audits â Who are performing them?
Outsource its audits â its done in-
house.(LMS org)
If it is a partner that partner is not paid
money by Oracle. But are compensated if
there a short fall. SevenEights, Innoapps.
Usually these partners are not
professional consulting companies, but
more geared towards resellers. (low
experience, not much SAM experience or
Oracle licensing knowledge.
You can decline these âpartner ledâ audits.
3. Oracle LMS does not
Knock on your data centre and ask to be
let in.
Oracle does not use any
discovery tool, so they can only
find the software deployments
that you have.
Many Oracle Software products there is
no data measurement tool and Oracle
relies on you providing truthful
information.
Oracle LMS does
have
A in-house developed tool that
will identify active usage today
and what has been used in the
past for certain products.
4. AUDIT
Different types of âauditsâ
⢠Oracle partner led license review
⢠Review letter is being send from
Oracle LMS
⢠Client needs to send an acceptance
to Oracle LMS
⢠Partner is managing the project
⢠Data is shared 1 on 1 with Oracle,
script outputs analysed by Oracle
⢠At end client receives an official
compliance statement
⢠IS NOT AN AUDIT
⢠Letter from sales
⢠Looks the same as an Oracle
license review, since same
documents are being used
(OSW,âŚ)
⢠Playing on the clientâs lack of
knowledge regarding the audit
processes of Oracle.
⢠Purpose: find sales leads
LMS
Partner led
Soft audit
Audit
License review
License advisory service
5. Oracle selecting customers for audits
They are not
random, they are
selected based on
suspicion on non-
compliance.
Ultimately
it is the sales rep
who approves the
audit going forward
or not. (Sales reps
can nominate and
they can also
veto the audit.
6. Who are selected?
Customers Oracle believe are
non compliant and will
generate revenue
Based on a mix of factors, no
science.
7. How can you avoid being audited?
MAKE ORACLE BELIEVE YOU IN FULL
CONTROL WITH YOUR ORACLE
LICENSING.
BE WELL-INFORMED when you are talking
to Oracle. If you Oracle notices that you are
not informed on licensing and contracts
higher risk of an Oracle audit.
8. 7. You have logged support tickets with
Oracle and in the ticket, you are
describing using technology features that
you donât have a license for.
8. You decided to NOT to accept an Oracle
licensing or cloud solution.
9. You told Oracle that you are not interested
in meeting or have any new âprojectsâ that
might involve buying more Oracle
Software.
10. You have a new sales rep; some sales
reps believe in auditing customers more
than others.
11. Declining to renew your Oracle ULA.
12. You were non-compliant in the last license
audit
12 Most common reasons for being audited by Oracle
?
1. You have Old License Metrics or NUP
licenses (Tech)
2. You have acquired a company or merged
with another company, by default you can
be non-compliant on simply the contract
itself.
3. You have made a large hardware refresh,
which often changes licensing
requirements.
4. You have not been audited for more than
3 years.
5. You have Oracle EBS but donât have full
use licensing for technology.
6. Oracle (often Sales) have heard that you
are using virtualization technologies.
(VMWare)
1
2
3
4
5
6
7
8
9
10
11
12
9. 2 ways for how you are selected for an audit.
Sales rep
nominated customer
for LMS
LMS approves
LMS sends out
notification letter.
PROCESS 1
Oracle LMS has
a list of
companies they
want to audit
List put
together based
on
LMS shared list
with Sales to
get agreement
on who to audit.
Sales discuss
with LMS
(results in last
audit? Details on
selection criteria
Sales gives
blessing to
audit
LMS sends out
letter
PROCESS 2
Old license metrics
Named user plus
licensing
Merger and acquisitions
3yrs+ since last audit.
Audit
Audit
11. Exercise
Can you decline a âpartner auditâ ?
Answer A:
ďź No, Oracle decides
Answer B:
ďź Yes you can, JPE partners earns money on
reselling licenses. (not objective audit)
12. Exercise
How often do Oracle audits its customers?
Answer A:
ďź Every 5 years
Answer B:
ďź Every 3 years
13. Exercise
Who selects at Oracle selects customers for audits?
Answer A:
ďź LMS only
Answer B:
ďź Officially it is LMS, but indirectly/unofficially it is
done together with sales.
14. Exercise
If I am audited with Oracle come to my data center?
Answer A:
ďź No, they ask you to run their tools.
Answer B:
ďź Yes, they will always come to my data center
15. Exercise
Which of this events are likely to trigger an audit?
Answer A:
ďź I terminate my support agreement
or move it to third party support.
Answer B:
ďź I tell Oracle that we have no new projects where
there is a sales opportunity (license/cloud)
16. Exercise
Which of this events are likely to trigger an audit?
Answer A:
ďź You have old license metrics or user based
licensing.
Answer B:
ďź We have in the past year merged with another
large company
17. Exercise
I receive an email from Oracle saying I should fill in an OSW
Do I need to co-operate?
Answer A:
ďź Yes, you need to comply with Oracle email
Answer B:
ďź No, this sounds like a sales review. There is no
contract obligation to co-operate with Oracle.
18. Which strategies has worked for other companies to avoid audits?
1# License Compliance (Oracle
donât audit customers who they
know are good at license
management)
1. Do a license review (use LMS style scripts,
with an Oracle Expert firm.. Not a reseller or
generic firm â in which case Oracle wont
believe the results from)
2. Consider sharing high level info with
Oracle (verifying results): If Oracle believes
that you have full control over your license
management. They will not audit you.
This is does not apply to: âwe bought a SAM
tool which is Oracle LMS certified and now
we can give you the outputâ - > having that
approach will lead to disaster
.
#2 âBest friends strategyâ (Make Oracle Sales your best
friend)
1. If you annually buy new Oracle Licenses and Cloud (not support) no audits.
2. If you dont buy Oracle you need to have a relationship with your Oracle KAD. (The
sales rep initiates the audit)
3. Be open and make Oracle believe that you are considering their solutions.
If you refuse to met Oracle and are open that you donât want to deal with
them - > Oracle have nothing to loose by auditing your company.
3# âWe pay money to keep
Oracle awayâ - Buy yourself out
of an audit
If you sign a ULA/PULA you wont be
audited unless you want to exit the
agreement. You can also if audited by Oracle
buy something and have them cancel the
audit.
#1
#2
#3
19. Scripts/Tooling
⢠Oracle provides their own scripts for audits
⢠Scripts are continuously being developed and made
better
⢠Currently: Oracle LMS Collection Tool
â Captures: DB, Middleware, EBS, âŚ
â Limitations: some license metrics make tracking
by tools impossible (e.g. Employee user)
Why should you NOT run the
scripts?
⢠It will be used as proof if you
used unlicensed software
⢠LMS collection tool might
pick up software which is not
in scope and Oracle will look
at it (and ask questions)
ORACLE SCRIPTS1
TO RUN OR NOT TO RUN? THATâS THE QUESTION.
⢠No mention of running scripts in the contract
⢠Does the client get a choice? Not really, Oracle LMS will require it.
20. Scripts/Tooling
⢠Oracle provides their own scripts for audits
⢠Scripts are continuously being developed and made
better
⢠Currently: Oracle LMS Collection Tool
â Captures: DB, Middleware, EBS, âŚ
â Limitations: some license metrics make tracking
by tools impossible (e.g. Employee user)
Why should you RUN the
scripts?
⢠Oracle LMS might start to
threaten if you refuse
(although no contract obliges
the running of scripts)
⢠They might be more difficult
to deal with if eventually any
license deficits are found.
ORACLE SCRIPTS1
TO RUN OR NOT TO RUN? THATâS THE QUESTION.
⢠No mention of running scripts in the contract
⢠Does the client get a choice? Not really, Oracle LMS will require it.
Argumentation
⢠Performance impact of the audit tools
proposed?
⢠Data collected:
- Why?
- Which data is gathered, understand the
detail?
- Where is the data collected from?
- How will it be used?
- Can this sort of data leave the premises?
- Where in the world is this data being
processed/stored? (Roumania)
21. Oracle LMS tools âLMSCollectionâ
COMBINATION
of server worksheet,
questionnaires and
scripting
S O M E E X A M P L E S
CPU queries Virtual infrastructure screenshots
ReviewLite OMT User reports
DDL queries FMW scripts
Extraction scripts Siebel
22. Scripts/Tooling
⢠A number of tooling providers are Oracle LMS Certified.
⢠What does this mean?
⢠Means the deployment output from the tool is accepted by Oracle LMS
during an audit.
ORACLE CERTIFIED TOOLS2
Some notes:
⢠Only the âServer Worksheetâ containing deployment information, not the baseline results. Oracle will still investigate and ask
additional questions.
⢠Certification applies only to DATABASE products, not for any other Oracle software.
23. Audit Process by Oracle
PHASE 1
Notification
⢠Notification letter by Oracle, indicating
partner
⢠Acceptance required
⢠45 days prior written notice
⢠Directed at CFO
Kick-off with customer
⢠Scoping (Infrastructure, Customer
definition)
⢠Timeline
⢠Agreement on License Inventory
Data gathering
⢠Measurement? (If applicable)
⢠Complete Oracle Server Worksheet
⢠Questionnaire
⢠2 to 3 weeks standard timeframe
1
24. Audit Process by Oracle
PHASE 2
Data analysis
⢠Review measurement tooling output
⢠Review questionnaire
⢠Clarifications
⢠3 to 5 weeks timeframe
Reporting
⢠Draft report
⢠Review draft with client
⢠Final report with
non-compliance findings
2
25. Audit Process by Oracle
PHASE 3
Solution
⢠Solve the findings within 30 days
⢠Negotiate
3
26. Exercise
Which is the best way of avoiding a new license audit
from Oracle?
Answer A:
ďź Renew our ULA every 3 years
Answer B:
ďź Implement robust Oracle License Management
control.
27. Exercise
Why does Oracle want to start the audit so quick?
Answer A:
ďź They are helpful and efficient.
Answer B:
ďź Oracle donât want you to be able to take any
remediation activities.
28. Exercise
What is the name of Oracle main audit tool?
Answer A:
ďź Oracle uses certified LMS tools.
Answer B:
ďź LMSCollection
29. Exercise
Can I refuse to run Oracle provided tools?
Answer A:
ďź No, its in the contract that I must co-operate.
Answer B:
ďź Maybe, review your contract language and
understand how much you need to co-operate
30. Exercise
If I have an Oracle certified SAM tool what does it mean?
Answer A:
ďź It means nothing, except Oracle accepts
the high level deployment info (OSW).
Answer B:
ďź Oracle will almost always want you to also run
their data measurement tools
31. Exercise
Why is it a bad idea to hand over SAM tool data to Oracle?
Answer A:
ďź Because the SAM tool data may be incorrect
Answer B:
ďź If you tell Oracle you have such tools, then you
can provide Oracle data within days. No time to
review your licensing.
32. AUDIT NOTIFICATION 45 DAYS
Oracle License Audit â Phase 1 â âstart of internal auditâ
Review audit letter
Review Audit Clause
Review Licensing
Use Data Measurement tools
Scope?
Legal entities?Products?
Qualify Risk areas
Engage Expert
Licensing Position
Reduce 90-100% of license gap
Do not acknowledge the letter
Donât use SAM tool!
Remediation Activities
4 ITEMs to check
If needed: deploy stalling tactics
to delay audit
How to prepare
33. Step:
Description: Oracle sends a letter to your
CIO/CFO saying they want to
audit your usage of Oracle
Software.
Recommendations: Do not reply, wait until 45 days
has passed
How important do I
think this is?
Benefits:
You have at least 45 days before
you need to reply. If you donât reply
at that time Oracle will contact again
to see if you received letter. (can
buy additional 14-21 days)
What actions should you
take:
Absolutely nothing, donât reply
to the email letter you
received from Oracle.
Audit Letter
Back to
roadmap
What kind of audit is it?
Example of formal license
audit notification
34. Different types of audit
⢠Oracle partner led license review
⢠Review letter is being send from Oracle
LMS
⢠Client needs to send an acceptance to
Oracle LMS
⢠Partner is managing the project
⢠Data is shared 1 on 1 with Oracle, script
outputs analysed by Oracle
⢠At end client recieves an official
compliance statement
⢠IS NOT AN AUDIT
⢠Letter from sales
⢠Looks the same as an Oracle license
review, since same documents are being
used (OSW,âŚ)
⢠Playing on the clientâs lack of knowledge
regarding the audit processes of Oracle.
⢠Purpose: find sales leads
LMS
Partner led
Soft audit
Audit
License review
License advisory service
Back to
roadmap
35. Example: Oracle Audit Letter
1. Your Oracle AM has already approved audit
2. Oracle LMS wants to start audit ASAP
3. 10 more additional days
Source: https://www.itassetmanagement.net/wp-content/uploads/2016/03/Oracle-
Review-Notice-.pdfBack to
roadmap
36. Step:
Description: Review how much you need to
co-operate with Oracle and
understand how much âpowerâ
you have.
Recommendations: Review âinterfere with your
business operationsâ and no
mentioning of scripts
How important do I
think this is?
Benefits:
Understand scope areas Oracle
wants to focus on.
What actions should you
take:
Donât assume that Oracle wants
to audit every product.
Sometimes the audit is focused
then you can focus your
investigations
Review Audit Letter
Back to
roadmap
Review example
37. Step:
Description: You should negotiate scope of
audit, products, entities.
Timeline what data is collected
Recommendations: Very important!
How important do I
think this is?
Benefits:
Time saver
Save money
Audit will end quicker
What actions should you
take:
After license position and
remediation.
Negotiate scope of audits
Scope of audit?
Back to
roadmap
Best practices: Negotiating
Audit Scope
38. Step:
Description: Oracle wants to audit all
products, but you CAN
negotiate the scope of products
Recommendations: Evaluate if you have any risk
then take necessary action.
How important do I
think this is?
Benefits:
Reduce Risk
Save time (smaller audit)
Audit will end quicker
What actions should you
take:
Review licensing
If there is any risk you might
consider excluding that product
from the audit
Products to audit?
Back to
roadmap
Product in scope of audit
39. Negotiation of the scope
⢠Lately not all Oracle LMS
Consultants share their view
on the clientâs license
entitlements.
⢠Itâs important to start any
audit with a clear license
base. What is Oracle looking
at and do we agree with this
view?
Product scope
⢠Different products can be managed by
different departments
⢠Application contracts are oftened
managed at a different level of the
company entirely (not always IT).
It will also make it possible to
scope the products.
Back to
roadmap
40. Step:
Description: Which legal entities should be
included in the audit?
Recommendations: Can be a benefit to exclude
some entities.
How important do I
think this is?
Benefits:
Smaller audit scope = audit smaller
Less Risk
Flexibility to cover license gaps
What actions should you
take:
Review which entities own which
licenses. If entities in another
country/regions run Oracle
specific apps might be good to
exclude.
Legal Entities in scope?
Back to
roadmap
Negotiate org scope
41. Negotiation of the scope
⢠Know what you are going
to talk about
⢠Limit the possibility of
unknowns
⢠Ask for Oracleâs license
base (do we agree on
their scope and license
base)
Why?
⢠Depends on contract and
organisational setup
⢠Contract:
â In case of 1 contract or
central purchasing: Oracle
will likely include all
â In case of multiple contracts
through multiple entitiesâŚ
easier to limit the scope.
How?
⢠Centralised IT: more
difficult to reduce scope
⢠Multiple IT Departments:
easier to limit scope â no
central management so
Oracle will need to
contact multiple
departments. Better to
reduce scope
Organisational setup:
Back to
roadmap
42. Step:
Description: Oracle audit clause is pretty
weak, their reputation is not
matched by their contracts.
Recommendations: Review language, to understand
when you can say âNOâ
How important do I
think this is?
Benefits:
Fight for your right
Donât share all data
Know when to say No to avoid
spending time on data collection.
Set timeline to Oracle to finish audit.
What actions should you
take:
Review clause
Understand internally how
much data to share &
collaborate
Review audit clause?
Back to
roadmap
Review your contracts
Best practices: Understanding
your rights
43. Review of audit clause until 2019 (for all older agreements)
âUpon 45 days written notice, Oracle may audit your use of the programs. You agree to
cooperate with Oracleâs audit and provide reasonable assistance and access to information.
Any such audit shall not unreasonably interfere with your normal business operations.
Oracle shall provide you with a report of any such audit and you shall have the right
to provide a written response to such report to Oracle. All such audit reports and responses to
such audit reports shall be considered confidential and subject to the
non-disclosure obligations in this agreement.
You agree to pay within 30 days of the final audit report any fees applicable
to your use of the programs in excess of your license rights. If you do not pay, Oracle can
end your technical support, licenses and/or this agreement. You agree that Oracle shall not be
responsible for any of your costs incurred in cooperating with the audit.â
OLD - The Clause
Back to
roadmap
Compare new audit clause
44. Upon 45 days written notice, Oracle may audit Your use of the Programs to ensure Your use of the Programs is in compliance with
the terms of the applicable order and the Master Agreement. Any such audit shall not unreasonably interfere with Your normal
business operations. You agree to cooperate with Oracleâs audit and provide reasonable assistance and access to
information reasonably requested by Oracle. Such assistance shall include, but shall not be limited to, the running of
Oracle data measurement tools on Your servers and providing the resulting data to Oracle. The performance of the audit
and non-public data obtained during the audit (including findings or reports that result from the audit) shall be subject to
the provisions of section 8 (Nondisclosure) of the General Terms.
If the audit identifies non-compliance, You agree to remedy (which may include, without limitation, the payment of any fees for
additional licenses for Programs) such non-compliance within 30 days of written notification of that non-compliance.
If You do not remedy the non-compliance, Oracle can end (a) Program related Service Offerings (including technical support),
(b) Program licenses ordered under this Schedule P and related agreements and/or (c) the Master Agreement. You agree that
Oracle shall not be responsible for any of Your costs incurred in cooperating with the audit.
Source: https://www.oracle.com/a/ocom/docs/lic-online-toma-us-eng-v040119.pdf
NEW - The Clause
Back to
roadmap
New Audit clause (only if you sign a new OMA)
Compare old audit clause
45. The base for the audit
UNDERSTANDING THE AUDIT CLAUSE
Part of the Oracle
Agreement (OLSA,
TOMA, OMA, ULA, âŚ)
gives Oracle the right
to audit their clients
Some old Legacy
agreements may
not contain Audit
Clause!
If you have
purchased Oracle
Software at parent
level â audit must be
done there not in
local subsidiary.
Back to
roadmap
46. Step:
Description: Before/Same time as you
engage license expert. You can
do a quick review of any
obvious risks.
Recommendations: Start ASAP
How important do I
think this is?
Benefits:
Provide management a business
case why you need to hire an
Oracle license expert.
Get quick overview over your
licensing situation
(worse/ok/bad/great)
What actions should you
take:
Check if you have the tools
knowledge to see if you have any
obvious risks.
Qualify Risk areas?
Back to
roadmap
Review your contracts
4 high risk areas
47. Contractual Terms and Conditions
Do we understand the
contractual T&Câs
correctly?
CUSTOMER DEFINITIONS
Majority owned subsidiaries
Limitation to entities
Other custumized âdefinitionsâ
Appendixes/Amendments
Back to
roadmap
48. Contractual Terms and Conditions
Do we understand the
contractual T&Câs
correctly?
CUSTOMER DEFINITIONS
TERRITORY RIGHTS
Country?
Regional or worldwide?
Why limited Territory rights on contracts?
Back to
roadmap
49. Contractual Terms and Conditions
Do we understand the
contractual T&Câs
correctly?
CUSTOMER DEFINITIONS
TERRITORY RIGHTS
LIMITED USE RIGHTS
Limited use for certain processes
Limited use for certain applications
Limited use for certain
environments (e.g. Test/Dev)
Back to
roadmap
50. Contractual Terms and Conditions
Do we understand the
contractual T&Câs
correctly?
CUSTOMER DEFINITIONS
TERRITORY RIGHTS
LIMITED USE RIGHTS
LICENSE METRIC DEFINITIONS
Standard metric or contract
negotiated?
Change over time â multiple
contracts, same metric, multiple
definitions
Defines how to count the license
requirement?
Old metrics
High risk of non-compliance
High risk of audit selection
Back to
roadmap
Proof of License
51. Proof of license - Contract documentation
⢠Contracts
⢠Ordering documents
⢠Maintenance renewal
⢠Amendment, Addendum,
appendices
⢠Termination letters
⢠Transfer letters
Proof of license
constitutes of
⢠Oracle LMS does not accept
side-letters, emails, verbal
agreements in their audits.
⢠Any such type of agreements
can disappear due to a person
leaving either organisation.
⢠As such, these pose a risk
to clients.
Special note:
Sideletters/emails/verba
l agreements
Back to
roadmap
52. Step:
Description: Work with a license expert,
someone who has years
working only with Oracle
Licensing. (script analysis)
Recommendations: Network! Know who to contact if
you need help. Donât start
looking when you are audited.
How important do I
think this is?
Benefits:
Time is important!
Be able to act quickly if audited
by Oracle.
What actions should you
take:
Use social media or attend ITAM
events to understand players in
the market.
Understand difference from âSAM
toolâ service providers and Oracle
Script vendors (methodology)
Engage Expert
Back to
roadmap
53. Step:
Description: Review your licensing using
Oracle audits scripts. Before the
Oracle audit begins.
Recommendations: Start as soon as possible.
How important do I
think this is?
Benefits:
Find out exactly what Oracle will tell
you.
Ability to take risk reduction or other
actions and save your company
millions but also time, sweat and
tears!
What actions should you
take:
Engage with your Oracle license
expert. Get their âscriptsâ and
analyse output.
Review Licensing
Back to
roadmap
54. Step:
Description: Oracle License Experts have
developed almost identical tools
as Oracle LMS
Recommendations: Always use to avoid making
costly mistakes
How important do I
think this is?
Benefits:
Find out what Oracle LMS will tell
you if you go ahead with the audit.
Give you options for remediation
(usually savings are 90-100%)
What actions should you
take:
Donât trust or use any SAM tool.
(only for data collecting purposes)
Use scripts to analyse
deployments
Use Data Measurement tools
Back to
roadmap
55. Step:
Description: Create a licensing position
before the audit starts.
Recommendations: The earlier you start with this
the better results and higher
chance of no mistakes
How important do I
think this is?
Benefits:
Save money
90% of all Oracle non compliance is
not about âover-usageâ but about
misinterpreting licensing rules and
policies.
What actions should you
take:
Do not use a SAM tool.
Work with data measurement
tools and verify and doublecheck
all the information.
Licensing Position
Back to
roadmap
56. Step:
Description: After you have the license
situation, you can take
necessary actions, uninstall,
purchase
Recommendations: Up to every company to decide
what actions to take.
How important do I
think this is?
Benefits:
Pay only for Oracle software that
you use and need.
What actions should you
take:
Purchase
Uninstall
Reconfigure
Remediation activities
Back to
roadmap
57. Step:
Description: Oracle sends a letter to your
CIO/CFO saying they want to
audit your usage of Oracle
Software.
Recommendations: Do not reply, wait until 45 days
has passed
How important do I
think this is?
Benefits:
Save money
Less stress
What actions should you
take:
Remove it and you can use the
licenses for other purposes
Reduce license gap
Back to
roadmap
58. TOP 3 most common errors companies make during audits
1 2 3
No negotiation
on audit scope
âWeâll do everything
Oracle asks to
keep them happyâ
No need to
review report,
weâll negotiate
Having a clear view on what
is being looked at, improves
controlability
of the audit
Get a list of the licenses in
scope. Is Oracle looking at
all purchases for these
products? Anything
missing?
Some data you might not
wish to share regarding e.g.
applications, âŚ
Oracleâs scripts will capture
a lot of information, even
products not in scope.
Finding mistakes improves
negotiation position
Reducing the findings will
decrease the start price
Back to
roadmap
Contact Experts Read articles/blogs â Boost your knowledge
59. 1# VMWare impact on Oracle licensing
The use of vSphere has impacts that vary depending on the version that has been implemented, but which
are confirmed by the general Oracle guideline:
Any hardware which could be used theoretically by the software during a given runtime must be
licensed
Version Features Licensing Impact
Up to and including 5.0
Version 5.1 and version
5.5
Version 6.0
The virtual machines (VMs)
can only be migrated within
a cluster
Virtual machines (VMs) can
be migrated between
clusters (within one
vCenter)
Virtual machines (VMs) can
be migrated from one
vCenter to another
The whole cluster must
be licensed
All severs within the
vCenter must be
licensed
All servers in all
vCenters in the server
farm must be licensedBack to
roadmap #2
60. #2 Oracle Applications
⢠Employee count: all employees irrelevant of actual use
⢠Application User: all users of application
⢠Customised bundling of software: e.g. Professional user,
External professional user,âŚCorrect counting requires:
⢠Analysis of contractual license metric definitions
⢠In case of bundling: in depth analysis required of:
a. User names
b. Allocated responsibilities (review of customised responsibilities)
c. Mapping responsibilities to components
d. Mapping components to products
e. Mapping products to bundles
Back to
roadmap #3
61. #3 Using features that you do not have a license for (database options)
Partitioning
Multitenant
Real Application Clusters
Active Data Guard
Real Application Testing
Advanced Compression
Advanced Security
Label Security
Database Vault
OLAP
Spatial
Advanced Analytics
Database in Memory
Diagnostics Pack
Tuning Pack
Database Lifecycle Management Pack
Data Masking and Subsetting Pack
Cloud Management Pack for Oracle Database
Partitioning found on 1 server with 2 processors and 4 cores per
processor Intel.
= 2*4 = 8 core factor 0.5 = 4 CPU licensable cost = $11,500 per cpu,
plus support and back support total cost could be a minimum of $56,120
for one server alone, without the back support costs.
What if it was on a VM Cluster/ vCenter, risks of unlicensed option
usage and financial risks are very high.
Example
Back to
roadmap #4
62. #4 Misunderstanding Oracle Licensing
⢠Are all environments being
licensed correctly?
⢠Difference between standby,
failover, remote mirroring?
⢠Are correct rules being
applied?
Disaster Recovery
Test & Development
⢠All environments need to be
licensed
⢠Test/Dev per user? Can you
prove user count?
Hardware
⢠Counted correctly?
⢠Correct core factor
⢠Hardware partitioning
Back to
roadmap #1
63. Best Practices
BEFORE AFTER
AUDIT
BE READY
ADVANTAGES
Create audit response team Gain experience and quick reaction times
Define audit policy, process steps and
allocate responsibilities
Know what to expect and who to turn to.
Create your own audit process, with
timelines
Be ready to control the audit and auditor
Prepare document templates
Specific NDA for audit, coop with legal
department
Centralise all purchasing and licensing
documentation
Easy access to the information
Make regular internal verifications Control and reduce risk, cost avoidanceBack to
roadmap
64. Delay Tactics
BEFORE AFTER
AUDIT
If not ready, DELAY
ACTIONS WHICH CAN POSE
DELAY BEFORE AUDIT STARTSâŚ
TO BE TAKEN
INTO ACCOUNT
We are in the middle of an IT roll-out. Officially, client should have 45 days
written notice. This can be interpreted as 45
days between audit notification (letter) and the
initial kick-off meeting.
Oracle might ask for a meeting before that
time is past. There are multiple ways to delay
this meeting (some indicated in previous
column).
No actual risk in delaying.
Advantage in not delaying: âWe are in control
of our Oracle licensesâ
Weâll need to wait for legal department
feedback
This is the 3rd/4th audit this quarterâŚ
Before meeting, we would like our NDA
to be signed
Person responsible is not available due
toâŚ
Back to
roadmap
65. Best Practices
BEFORE AFTER
AUDIT
Understand your rights
NOTES
Audit clause in the contract? Audit clause part of the License agreement
Full license entitlement
Licenses,customer definition,territory in
Oracle ordering document
Customized clauses in the contracts?
Knowing usage limitations, licensing
deviations negotiated. Auditor might take
standards as base for audit
45 days written notice In principle you have 45 daysâŚ
The audit will not unreasonably
interfere
Any interference?
Back to
roadmap
66. Best Practices
BEFORE AFTER
AUDIT
NDA
SCOPE TOPICS NOTES
You can negotiate the scope Limiting geographical, products
Clearly describe the scope at the start
So Oracle cannot state later⌠âwe found
another productâ
Product scope
Get a license entitlement list from the auditor,
verify against internal data and the agreed
limitations
Agree on audit approach
⢠Which steps?
⢠Which data? How is this collected? By
whom?
⢠How much effort required from your side?
Start of the audit
SCOPE
Back to
roadmap
67. Best Practices
BEFORE AFTER
AUDIT
ACTION NOTE
Appoint a Single Point of Contact
Spokesperson towards Oracle from that point
on.
Absolutely NO other communication
Nobody else speaks to Oracle (exception
urgent support calls)
SPOC
Start of the audit
Back to
roadmap
68. 4 strategies for how companies manage Oracle license
audits
You reply to Oracle audit letter notification
directly.
You donât take any action to review your
licensing.
You donât work with any external Oracle
license expert.
You run Oracle audit tools and hand over
the data.
You trust Oracle LMS fully.
WORST â 50% BAD â 35% RECOMMENDED â 10% BEST â 5%
âI manage the audit alone,
with no help and I trust
Oracle completelyâ
âWe have a SAM tool that is
certified by Oracle. Now I am
ready for the Oracle License
Auditâ
âI realize that Oracle licensing
can be very difficult and we
will contact an expert firm to
help usâ.
âI want to stop being audited
and be pro-active when
managing Oracle?â
Company
strategy
Actions
taken
End result You will be forced to pay for software
that you are not using but simply
because you have misinterpreted
Oracle licensing policies or rules.
Oracle will at the end send you a
âaudit reportâ saying you need to pay
for the license gaps and hint that
âOracle reserves the right to
terminate your licenses and programs
if you donât resolve it within 30 daysâ
You reply to Oracle audit letter notification
directly.
You decide to work use your Oracle LMS certified tool.
You use your existing Software Asset Management
Tool to give Oracle output. (OSW)
You donât work with any external Oracle license
expert.
You are left to the mercy of Oracle LMS.
The tool might save you 10-20% of any license gap,
but that is little worth when the license gap is âŹ
8,000 000 due to you have used Oracle Software in
ways that the tool is not able to detect.
Oracle will at the end send you a âaudit reportâ
saying you need to pay for the license gaps and
hint that Oracle reserves the right to terminate your
licenses and programs if you donât resolve it within
30 days.
Companies taking this approach usually pays the
same to Oracle as the customers who did not have
any tool. With a good negotiation team you might
be able to âsettleâ the license audit at ⏠4,000 000 or
be tricked into signing an Oracle ULA.
You hire an Oracle License expert.
You donât reply to Oracle LMS letter.
You and partner perform a license review using
scripts to measure your license position.
You ignore your SAM tool or simply use it as a
data source to understand where Oracle software
is installed.
You only start âOracle auditâ after remediation
Together with the Oracle license expert you
make a independent audit of your Oracle
Software investment. You discover a ⏠8,000
000 license gap.
Almost always 95% of that is due to not over-
usage but simply that you misunderstood how
to license Oracle Software.
You are then left with a real over-usage of âŹ
400 000 and you can decide if you want to wait
until the audit is complete or if you want to
purchase Oracle Software.
You still have to purchase Oracle Software, but
the key result here is that you ONLY pay for
what you use.
Benefit: 95% savings
Find Oracle licensing expert to partner with
for 2 years. = knowledge transfer
Use your SAM tool to the best of their ability,
start thinking of it as A TOOL AND NOT A
SOLUTION)
Make annual license reviews of your
compliance position.
Start optimizing on licensing (often up to 30%
of Oracle licensing can be optimized)
BY GAINING FULL CONTROL over your
Oracle Licenses you can prevent audits
from happening.
Benefit: By showing Oracle you have full
control the likelihood that you will be
audited in the future is EXTREMELY LOW
Benefit: You will not waste time working on
license audits.
Benefit: Your SAM and Procurement team
will focus on optimization and cost savings
Back to
roadmap
69. Exercise
Can you negotiate the scope of an audit?
Answer A:
ďź Yes, only products
Answer B:
ďź Yes, both products and entities covered
70. Exercise
When you get Oracle LMS âpreliminary reportâ â what should
you do?
Answer A:
ďź Contact IT sourcing to buy the licenses covering
any gap
Answer B:
ďź Review report for errors and wrong assumptions
71. Exercise
If you have an OMA from 2018, does it include any contract
language to run Oracle audit scripts?
Answer A:
ďź Yes it does
Answer B:
ďź No it does not
72. Exercise
When should you let Oracle start the audit?
Answer A:
ďź As soon as they want to kick off the audit
Answer B:
ďź Wait until you have done a review of licensing
and possible remediation
73. Exercise
When should you let Oracle start the audit?
Answer A:
ďź As soon as they want to kick off the audit
Answer B:
ďź Wait until you have done a review of licensing
and possible remediation
74. Exercise
What should you primarily look at in your contracts?
Answer A:
ďź Only products, metrics, quantities
Answer B:
ďź Product, metrics, quantities, customer definition,
territory, or other âlimited useâ clauses.
75. Exercise
You have an email from an sales rep saying its ok to
License with SE, but LMS says you are non-compliant.
Is the âside letterâ a get out of jail free card?
Answer A:
ďź Yes, I donât need to buy licenses
Answer B:
ďź No, an email has no contractual value. But it can
be used as negotiation leverage to avoid paying
full price.
76. Exercise
You have an email from an sales rep saying its ok to
License with SE, but LMS says you are non-compliant.
Is the âside letterâ a get out of jail free card?
Answer A:
ďź Yes, I donât need to buy licenses
Answer B:
ďź No, an email has no contractual value. But it can
be used as negotiation leverage to avoid paying
full price.
77. Exercise
Which products âcan a SAMâ tool manage?
Answer A:
ďź Oracle Database, Middleware and EBS.
Answer B:
ďź Oracle Database (partly) but often is wrong.