Using Oracle and VMware? An Audit May Be on the Horizon

By Jeff Muscarella

Partner, IT and Telecommunications, NPI

February 25, 2016

Interested in learning more about NPI’s services?

Contact Us

Artwork Courtesy of @iStock/cacaroot

Will you be audited by Oracle in 2016? If you’re also a VMware customer (which many companies are), the answer could be yes.

Oracle has become more aggressive in its auditing pursuits – specifically towards those customers running Oracle’s database in conjunction with VMware’s virtualization software. NPI has seen an uptick in audit activity and the vendor has made headlines for being involved in several high profile, audit-related lawsuits over the last two years.

According to this article:

“Oracle has been telling a number of organizations running its database software that they are breaking the company's licensing rules – and therefore owe it millions of dollars in unpaid license fees. The issue hit the headlines in January after US confectionery giant Mars took Oracle to court in the US over claims Mars had broken the rules.

The case was settled before going to trial. Experts calculated that had Oracle won, Mars would have been in the hole for $100m – that’s on top of an existing annual Oracle software bill of $100m. But that’s nothing. The Register understands Oracle has gone to customers with claims five times that figure.”

The issue ultimately boils down to how Oracle defines “hard partitioning” and the approved technologies specified in its partitioning policy (hint – VMware doesn’t make the list):

“Oracle-approved hard partitioning technologies as listed in this section of the policy document are permitted as a means to limit the number of software licenses required for any given server or a cluster of servers. Oracle has deemed certain technologies, possibly modified by configuration constraints, as hard partitioning, and no other technology or configuration qualify. Approved hard partitioning technologies include: Physical Domains (also known as PDomains, Dynamic Domains, or Dynamic System Domains), Solaris Zones (also known as Solaris Containers, capped Zones/Containers only), IBM’s LPAR (adds DLPAR with AIX 5.2), IBM’s Micro-Partitions (capped partitions only), vPar, nPar, Integrity Virtual Machine (capped partitions only), Secure Resource Partitions (capped partitions only), Fujitsu’s PPAR.”

In laymen’s terms, this means that Oracle customers must license all VMware servers across their IT estate – not just a specific number of machines. Oracle’s rationale is that customers could run Oracle across all servers and cores if they wanted to, and should therefore ante up.

The folks at ITAM Review depicted it another way in a recent tweet. If Oracle owned parking garages, they would charge you for every parking space. You know…because you could park in any of them.

If you’re a concerned Oracle customer, do the following:

Know your compliance position. Don’t wait for Oracle to notify you of an audit or a “software asset management” exercise (it’s basically an unofficial audit). Conduct a self-audit to understand if and where you’re out of compliance. Make sure you have an Oracle licensing expert on your team, as well as proficient self-audit tools and processes. Remember: a self-audit should be just as rigorous, if not more, as Oracle’s iteration.

If audited, don’t rely on Oracle’s tools. Oracle’s goal is to discover new license revenues and its auditing tools are engineered to support this goal. In some cases, they yield inaccurate information or license data that can be wrongly interpreted by the vendor. It’s important that customers prepare their own defense. Use independent, third party tools to best understand and communicate your licensing position.

Use Oracle’s end game to your advantage. New license revenue isn’t Oracle’s only objective. The vendor is also eager to move customers to its cloud offerings. Customers that find themselves out of compliance may be able to minimize or negate audit penalties if they migrate to the vendor’s cloud solutions. This is just one example where customers can find mutually beneficial ground with Oracle, while lessening the impact of an audit.