Navigating an Oracle License Audit

From an IT procurement perspective, the large enterprise Oracle software estate has always been difficult to navigate. Overspending and overprovisioning is rampant. License terms and rules are complex. Customers regularly end up with less-than-optimal pricing and business terms when negotiating contracts or renewals. Negotiating a world-class outcome with Oracle requires careful assessment of deployments and deep pricing and negotiation intel to optimize enterprise agreements.

In recent years, large enterprise customers have had to add Oracle software license audits to the list of their concerns. Oracle license audits have become increasingly common as the vendor tries to motivate customers to follow its cloud ambitions while pulling out all the stops to increase revenues.

It’s worth noting how invested Oracle has become in the software license audit business. The Oracle license audit team is meticulous and aggressive. For enterprise customers, Oracle audits can be highly disruptive and drain resources. Penalties for non-compliance can easily run into the tens of millions of dollars.

Navigating an Oracle License Audit

Oracle has the right to audit organizations for appropriate use of its licensed products to ensure they are being used in a compliant manner. These rights are clearly laid out in your agreement with the vendor.

Notification of an Oracle license audit is a frustrating event that usually triggers involvement from multiple stakeholders within the organization. Customers are typically asked to respond within a particular timeframe by running Oracle scripts in their environment along with detailed Oracle Sever Worksheet self-declaration.

One of the smartest things customers can do to prepare for an Oracle license audit is to understand the vendor’s process and expectations – as well as what they can do to optimize the outcome – before they find themselves in the hot seat.

The Oracle License Audit Process

The Oracle license audit process follows a 5-step process:

1. Oracle Audit Notification

A formal Oracle audit will start with an official notification from Oracle License Management Services (LMS) or Global Licensing and Advisory Services (GLAS). You may receive informal inquiries, but when you get notified of an audit from either of these divisions, you will need to comply. Notifications may spark a conference call to discuss logistics and steps.

2. Kick-Off Meeting

You will have an introductory meeting to discuss the scope and timeline of the Oracle license audit. At the kickoff meeting, you will learn what data Oracle needs to perform its analysis.

3. Data Sharing

You will need to gather the data requested by Oracle’s auditors. This typically includes an inventory of licenses, installation, software versions, hardware, usage statistics, and purchase records.

4. Oracle Audit Report

Oracle will analyze the customer data, reconcile it to licensing agreements and highlight any gaps in compliance. Per the terms of the licensing agreement, auditors will create a true-up point of view to get licensing in compliance and may assess significant contractual penalties for any lapses.

5. Settlement

After reviewing the report, you may need to purchase additional licenses to cover any shortfall and put in place additional practices to fulfill compliance. There may be an opportunity to negotiate fees based on circumstances.

What Will Trigger an Oracle Audit?

Several cases trigger Oracle audits, including:

Virtualization

If you use Oracle products in a VMware environment, you’re a prime candidate for an audit. Oracle customers must license all VMware servers across their entire IT estate and not just a specific number of machines. Oracle’s logic is that you could run Oracle across all servers and cores, so all of them need to be covered

Renewals

When licensing comes up for renewal, Oracle will ask for verification that you are properly licensed for current usage before renewing. A word of advice – you should be 100% confident of your Oracle license compliance position before engaging in the renewal process!

Reduction in Support Agreements

Reducing the level of your support agreement may prompt an audit as well. Oracle will want to ensure your licenses still match your needs based on the lower support levels. For example, if you opt to drop 24/7 production support to the more basic 9-5 support, Oracle will likely make sure you are licensed compliantly. Keep in mind audits are a revenue tactic that Oracle is ready to deploy anytime any dimension of customer revenue is threatened.

Hardware Refresh

Hardware refreshes such as servers, processors, or database upgrades may also trigger an audit. New or upgraded capacity can impact your licensing needs. Oracle may want to verify your infrastructure is adequately licensed and compliant. For example, increasing cores during a server migration may require additional licensing to remain compliant.

Repeated Non-Compliance

If you are found to be noncompliant during an Oracle audit, expect to be audited more frequently.

Mergers & Acquisitions

M&A activity, corporate reorganizations, and divestitures can also trigger audits. Oracle will want to make sure the new structure remains in compliance with licensing agreements.

Support Ticket Submission for Unlicensed Tech

If you do not have licenses for Oracle products, but a team member submits a support ticket, it’s a red flag. Auditors will investigate to find out whether there are broad licensing discrepancies.

Failure to Renew Unlimited Licensing Agreements

An Oracle Unlimited License Agreement (ULA) requires you to use software licenses within contracted uses. If you decide not to renew your ULA, you may face an audit to make sure your licenses still adequately cover your usage within unlimited resources.

How to Prepare for & Manage an Oracle Audit

Oracle license compliance requires proactivity. Performing an internal licensing position assessment can help you identify potential noncompliance before Oracle becomes involved. In many cases, in addition to maintaining a compliant state of audit readiness, you may find you have unused licenses that can be re-assigned or dropped in your next negotiation.

Once you’ve been formally notified of an Oracle Audit, you will want to engage a licensing expert like NPI as quickly as possible. Regardless of the type of Oracle licenses you have, you’ll want an expert partner on your side to help gather the data and verify the accuracy of auditor claims and interpretations. In many cases, NPI has found Oracle auditor data to be incomplete, inaccurate, or interpreted incorrectly. Those errors never benefit the customer and always benefit Oracle.

Oracle License Compliance Risks

Even if you think you are fully in compliance, there are plenty of ways things can get off track. Here are some of the more common risks that can occur.

Oracle Database Compliance Risks

• Unlicensed databases: Organizations often lose track of all databases installed, including test/dev environments and small installations that fall under the radar.
• Processor metric confusion: Licensing database based on incorrect processor definitions or failing to license all cores/sockets.
• User minimums not met: Not maintaining enough licenses to meet the minimum requirement.
• Unlicensed features/options: Options like RAC, Partitioning, and Diagnostics Packs add to license requirements.

License Metric Mistakes

• Incorrect Named User counting: Not tracking and limiting actual users, under-licensing power users.
• Processor/core terms violated: Software installed on more cores or sockets than entitled.
• User minimums not tracked: Failing to maintain required minimum user licenses.
• Improper hardware baseline: Not properly licensing changes to server hardware configurations.

Virtualization and Cloud Policy Risks

• Virtual machine sprawl: Too many Oracle installs on virtual servers without proper licensing.
• Inadequate virtualization management: Poor visibility into the movement of Oracle workloads across virtual environments.
• Cloud policy confusion: Unclear on differences between BYOL vs. Oracle cloud licensing.
• Unreported cloud migration: The movement of workloads to the cloud can trigger an audit if not handled correctly.

Oracle License Audit Defense Service

If you receive an audit notification, it’s imperative to seek expert, objective Oracle licensing expertise. At NPI, our Oracle license experts help you control the process and secure the best possible outcome.

While the best strategy is to identify compliance pitfalls before Oracle gets involved, NPI can also help with Oracle license audit defense. The NPI team has deep experience specifically with Oracle audits and can guide you through every step of the process.

We can help you establish an independent license position, validate the accuracy of auditor data and claims, and help negotiate an optimal outcome to reduce (even fully negate) any costs or penalties. If additional purchases are necessary, NPI also has benchmark pricing and negotiation intel to help achieve optimal pricing.

Contact NPI today to help prepare for and navigate an Oracle license audit. We are not a reseller – we are licensing experts. NPI’s software compliance experts are 100% objective and focused on helping you achieve the best possible outcome.

RELATED CONTENT

• Blog: 5 Questions to Ask Before Renewing an Unlimited License Agreement (ULA)
• Blog: Oracle Java License Change Will Have Major Cost Implications
• Blog: Oracle Universal Credits Licensing and Pricing Basics for OCI
• NPI Service: Enterprise Software License Optimization Consulting
• NPI Service: Software License Audit Services