FAQ – Oracle License Audit

What is an Oracle Licence Audit ?

Once you have installed an Oracle program(s) after procuring them in accordance with the T&C’s of the software license agreement, you will have agreed to an audit clause which confirms Oracle contractual right to audit you once every x years, usually 1 year. As part of an Oracle License Audit, Oracle would provide you an OSW (Oracle Server Worksheet) for you to register details about your Oracle technology (database, middleware, etc.), hardware infrastructure and other details. You will also be provided scripts to run in order to extract details about Oracle Database/ Options, Oracle IAS, Weblogic, Oracle E-Business Suite, etc. You are required to send the script output back to Oracle for analysis purposes. At the end of the audit process, Oracle would present your license compliance position in the form of a final formalised report.

How is an Oracle License Audit different from an Oracle Licence Review ?

More often than not, Oracle will issue a notification to the customer requesting a license review, instead of ordering a license audit. What this means for the customer is that, the audit clause (or “right”) from the Oracle license agreement is not invoked, and the contractual obligations related to the same are not put into effect at the time. Having said that, the customer will still have to undergo the same processes as the Oracle audit, and the term “license review” provides the customer some good feeling of being reviewed (a soft audit, if you like) instead of an “imposed” audit.

What is Oracle Licence Management Services (LMS) ?

Oracle License Management Services, or more popularly Oracle LMS, is the only department within Oracle who are contractually entitled to invoke the audit clause of your Oracle license agreement. Other departments within Oracle, e.g. Sales or COLS (Customer Optimisation License Sales) who carry a revenue target can only request a license review from the customer, however only Oracle LMS can “impose” a contractual audit by invoking the audit rights from the license agreement.

How much advance notice does Oracle give for an audit ?

A standard Oracle audit clause allows the customer 45 days to respond to an audit request. However, it is a common observation that the Oracle LMS auditor will to initiate the audit much before the 45-day period is over. The customer, if not fully prepared to respond, must remind Oracle about their contractual allowance of 45 days if being pursued aggressively. A 45-day response period should be comfortable time for the customer to keep the Oracle license estate in good compliance.

How often should we expect to be audited ?

Although Oracle usually has the contractual right to audit the end-customer once every 12 months, Oracle would only pursue an audit with a customer once every 3 years or so. This is because Oracle considers that, once a customer is just audited, it is not until another 3 to 4 years that the customer again accrues the risk of license non-compliance due to a variety of factors, including hardware refresh, recent merger/ acquisition/ divestiture, organisational growth, etc.

Why did I get selected for an Oracle License Audit ?

Oracle LMS, Sales or COLS are watchful about situations that may increase the chance of an end-customer being found non-compliant when audited. The reasons that usually increase the licensing risks include using old or mixed license metrics, using old products, the most recent procurement > 3 years ago, hardware refresh, changes in environment, organisational changes, organic growth, a recently certified ULA, or even an Oracle account manager not getting enough responsefrom you.Interestingly though, you will be told by Oracle that you have been “randomly selected” for the audit.

I have outsourced my IT. Am I still responsible for licensing my Oracle Software?

The Oracle Compliance Policy states “When a customer licenses Oracle software, it is the customer’s responsibility to ensure that they are utilizing their licenses in accordance with the terms and conditions of the license agreements”. If you have procured the Oracle software that you are using, the licensing T&C’s of the licensing agreement are binding upon you. This is true even if you have outsourced your IT, or are using the licenses as part of Oracle’s On-Demand or Cloud Services.

Please tell us more about the scripts provided by Oracle LMS.

Oracle software is a complex suite of products and, during a license audit or review, a set of scripts is provided by the Oracle LMS Group in order to establish an an acceptable view of the Oracle software usage. These different scripts produce information in an appropriate format for loading into Oracle’s analysis tools. The more usual scripts are for measuring the Oracle Database, Middleware and E-Business Suite. These scripts are packaged in a .zip file with separate Database, Middleware and Applications sub-folders. These scripts will produce a mixture of text files and tar files, which in turn will need to be sent back to Oracle for analysis purposes.

Please provide a list of scripts provided b Oracle LMS during a License Audit.

During an Oracle license audit, the customer can be provided one or more of the following scripts, depending on their Oracle estate:

Review Lite: This script discovers installation versus active usage of the Oracle DBEE Options and Management Packs, along with details about the database usage, e.g. Version, Edition, Users, Concurrency, etc.

OMT (Oracle Measurement Tool): This tool is used in an Oracle estate that are still licensed on a Concurrency basis, where the highest water-mark usage must be recorded. The OMT is an agent-less tool that provides monitoring of the Oracle usage on an ongoing basis, measures usage across different installations and the data collected is then used to reconcile usage with the license grants.

CPU Query Script: This script establishes the different specifications of the hardware platform (physical/ virtual) on which the Oracle software is installed. This would include sockets, processors, cores, threads, etc.

IAS Script and Weblogic Script: These scripts would find details about the usage of Oracle Internet Application Server and the Oracle Weblogic (pre-acquisition – BEA Weblogic) as installed.

DDL Script: This script may be provided as stand-alone or bundled with the Review Lite Script, and aims to identify the custom/ non-standard schemas and objects that will render the underlying technology (database/ middleware) of Oracle E-Business Suite as fully licensable.

E-Business Suite Script: This script would discover information about users, responsibilities, security groups from the FND tables. Apart from user-based information (Application User, Employee, etc.), this scripts also measures usage-based information (Order Lines, Expense Reports, etc.). Any changes that have been made to the Applications Database (e.g. views, reports, tables) will also be reported.

Is it mandatory to run the scripts from Oracle LMS during an audit ?

It is contractually not binding on the customer to run the Oracle LMS scripts during the audit, however you must be able to provide access to all requested information in an acceptable format. The audit clause states, “You agree to cooperate with Oracle’s audit and provide reasonable and access to information.” While there are 3rd party tools commercially available that claim to discoverOracle usage, they may be expensive and yet have the same limitations as the Oracle LMS scripts.

Can we analyse the Oracle LMS script output ourselves ?

The outputs from the different Oracle LMS scripts can be complex, vague, detailed and difficult to read or de-code, even by a technical professional. The same script output can be interpreted in multiple ways and as a first cut, Oracle may interpret or assess the script output in a way that benefits the software vendor. It is advisable that the script outputs be “independently” analysed by an Oracle Licensing Specialist and any analysis performed by Oracle must also be defended appropriately.

Which Oracle programs are usually included in an Oracle License Audit or Review ?

Oracle LMS has the capability of auditing a range of their product offerings – including BEA, Siebel, JD Edwards, Peoplesoft – which are acquisitions during different times in the past. However, due to some products being highly used over others across most customers, it is observed that the software vendor is usually focussed on Oracle technology (Database and Application Server), BEA products, and Oracle E-Business Suite.

Would Oracle provide us our entitlement of Oracle licenses ahead of the license audit ?

Every customer who receives the audit letter should request a copy of their contractual entitlements from Oracle LMS before the audit starts. Sadly not every Oracle LMS auditor, until the end of the audit, is ready to share the license grants against which the customer’s usage would be measured. It is important to establish that – all legal entities, Ordering Documents, License Agreements, and Purchases – should be considered which provides insight into the customer’s entitlements and contractual rights and restrictions.

How do we educate our employees and/ or software users about Oracle licensing ?

Most Oracle software users are unaware of their usage rights and restrictions, thereby easily breaching the T&C’s of the Oracle license agreement. As Oracle does not have any technical restrictions (e.g. protective keys), the software can easily be downloaded and put in active use, thereby substantially increasing chances of potential non-compliance. Therefore a reliable training on Oracle License Management can be very effective towards avoiding contractual pitfalls.

What is the inherent risk of licensing a DR environment running Oracle ?

Many customer are still gullible of contractual non-compliance when it comes to licensing the Disaster Recovery (DR) system in their Oracle estate. Customers often fail to license DR at the same level and metric as the primary systems. They are further unable to clearly differentiate between the 4 primary DR scenarios as recognised by Oracle – Tape-Backup, Failover, Standby and Remote Mirroring. Oracle has a 10-day free failover policy which enables the customer to have the DR system for no extra cost, however as the same definition comes with several limitations and grey areas to understand, due to which the customer often falls on the wrong side of license compliance.

During an Oracle audit, does Oracle count only the Oracle servers in “production”use ?

There are no free giveaways in Oracle licensing, which is to say that all environments running Oracle, in addition to the production systems, must be licensed appropriately and adequately. These environments include, but are not restricted to, Test, Development, Training, Staging, UAT, Pre-Production, DR, etc. To optimise usage and save costs, the production and non-production systems running Oracle should be licensed on separate and suitable metrics. It may be noted that Oracle does provide a free OTN Developer license for the purpose of developing, testing, prototyping and demonstrating an application, however the same cannot be used for any commercial or production purposes. Oracle also has a free 10-day failover policy, however the customers often fails to understand the policy in detail and hence ends up in non-compliance.

What causes the most fallouts in an “official” Oracle Audit ?

The average Oracle customer faces the most expensive fall-outs from an Oracle audit due to the following reasons:
• The Oracle database is downloaded with a few default DB Options (eg. OLAP, Data Mining, etc.); the latter need to be licensed only when in active use. Oracle LMS’ Review Lite scripts are effective in finding the active usage of most DB Options, and this may potentially drag the unconvinced customer into an“unsuspecting” non-compliant position.
• Oracle software, being intangible, is licensed based on the specifications of the hardware server (physical/ virtual) on which it runs. If a hardware refresh occurs in a customer’s Oracle estate without taking this into consideration, then this may seriously affect compliance position.
• When it comes to measuring Oracle E-Business Suite usage, not only unlicensed users (“overusage”) of a licensed module, but also custom responsibilities that need to be mapped to unlicensed modules, will mostly hold the average customer in non-compliance. In several cases, the “unlicensed” underlying technology (database/ middleware) must be licensed because of non-standard modifications identified from a DDL script.
• It has been found that a customer would continue to use the sub-set of Oracle products “without support” under a license-set, while the other sub-set of the Oracle products from the same license-set “under support”. This breaches the Oracle Matching Support Level policy, and in this case the Oracle software from the same license-set running without support would not be considered as “legitimate” entitlement towards covering usage.
• The customer’s inability to identify their complete Oracle entitlement from all recent and old purchases, laseu, merger(s), acquisition(s), divestiture(s), ASFU, ESL, partner-hosted, etc. and therefore the contractual entitlement on the whole may fall short of the active usage.
• The customer may not be aware of their usage restrictions as they have never read the “fine-print” from the Oracle Contracts. E.g. a customer who was entitled to Oracle Weblogic Suite, without contractual right to specific components in it, ended up being non-compliant without adequate knowledge about the same. Another example could be following the generic definition, as opposed to the contractual definition, for a specific license metric.
• Inability to understand licensing scenarios (as defined and accepted by Oracle) including Data-Transfers (Flat-File Transfer, Multiplexing, Batch-Processing), Disaster Recovery and Virtualisation (especially involving VMWare).
• Many end-users, when licensing Oracle products on a user-based metric, fail to consider licensing the minimums on a physical/ virtual server or an application module. This becomes especially evident (and subsequently non-compliant) when the actual usage is less than the licensable minimums.

Following an ahead, how would Oracle LMS ask you to rectify the non-compliant position (if any) ?

Following an Oracle License Audit, if there is a license non-compliance established and agreed, then the same has to be corrected one of the following ways:
(a) Through the purchase of sufficient licenses and associated support to cover the compliance shortfall. Backdated support may also be assessed for the period of unlicensed usage. The backdate support could be as far back as 3 years, and all back-support will usually be quoted at 150% of support fees for each year.

(b) If the customer removes the Oracle software, or reconfigures their hardware environment, a term license and associated support needs to be purchased to cover the period of unlicensed usage. In this case, the backward shortfall will be covered by purchasing term licenses for the usage term in question. Term licenses are obtainable from 1 to 5 years at a reduced price from the perpetual license, however support is still 22% of the full list price.

In how many ways can Oracle LMS act if a license compliance violation is not resolved

If a license compliance violation cannot be brought to resolution within an acceptable time-frame, then the same will be escalated to an appropriate authority through Oracle’s Legal Department. Remedies open to Oracle include, but are not limited to:
(a) Charging full list price for additional software licenses required to correct the license violation
(b) Charging technical support fees for the period of unlicensed use of the software
(c) Suspension of technical support service and software updates, where applicable
(d) Termination of the license agreement and associated licenses
(e) Cancellation of OPN status and sublicense rights

Please provide tips to get the best value from the final commercial deal

Even if you have been held non-compliant from an Oracle audit, try to negotiate hard (keep in mind the timings, quarter-ends, year-ends, etc.) to get a good discount as you would otherwise do for a “fresh” net-purchase, rather than being sheepish about the non-compliance found out. Make sure you are not trapped into buying unnecessary or unplanned products towards making a “large” deal for a “substantial” discount%; you may eventually be stuck with the perpetual liability of paying for support fees for these unused licenses.