What are Software Audits, and Why Are They On The Rise?

Recent years have seen an uptick in software audits, with more companies being asked to provide evidence of licensing compliance. This is largely due to the fact that organizations are now using more software than ever before, with an increasing number of employees working remotely.

Watchdog groups like the Business Software Alliance (BSA) and the Federation of Software Theft (FAST) serve the sole purpose of ensuring the protection of software vendors’ intellectual property. These groups and software vendors are dedicated to discovering and auditing non-compliant organizations every single day with little to no notice. According to Gartner, the likelihood of an assessment for a medium to a large firm over the next two years is predicted to be 40%, which is expected to rise by 20% annually.

But why do software vendors act in this manner? 

Simply put, the main motivator is money. Revenue from software sales fell when the American economy saw a downturn and software expenditures were slashed. Software vendors were forced to hunt for alternative income sources when these profits started to decline. Audit fines and penalties of several hundred thousand dollars to even millions of dollars appeared as lucrative options for these vendors. According to the BSA, 25% of businesses that operate in the US are non-compliant in some way, costing software vendors an estimated $6 billion in the loss. 

 

What is a Software Audit?

A software audit is an assessment of a company’s compliance with software licensing agreements. Organizations that use pirated or unlicensed software can be subject to expensive penalties, including fines and damages. In some cases, they may even be required to forfeit their business’ computers and other equipment. 

 

How Do Organizations Fall Out of Compliance?

 The truth is that conformity is not simple. It involves more than just purchasing adequate licenses. Even techies typically struggle to completely comprehend software licensing laws because they are so sophisticated, and even when they do, modifications to the regulations occur so often that it is challenging to stay up to date. 

Most businesses lose their ability to comply with the rules when they lack proper record keeping and miscomprehend software usage rights. Both parameters are equally crucial to stay in compliance. The first approach is to have clear visibility into your integrated software usage. In the unfortunate case of your company being audited, this can be an added benefit because you will be able to provide records immediately and demonstrate your good faith efforts to adhere to the regulations.

Furthermore, it’s crucial to have an attorney or specialist who excels in contract negotiations. They can elaborate to you how you can lawfully utilize your software, saving you from involuntary non-compliance. Avoid attempting to resolve this on your own, as it is easy to misinterpret or fail to notice crucial facets of software use terms and conditions. For instance, there have been instances where a business has expanded internationally and had staff members using software in other countries. They believed this was acceptable since they had many licenses, but since those licenses were only intended for use in the United States, they were in violation without even recognizing it. 

 

How to Lower Your Risk of Being Audited

  1. Exhibit a Sound Understanding to the Software Auditors 

To show that you have a good grasp of your software agreements, it is crucial that you respond to any inquiries the auditors pose in an efficient and thorough manner. In order to achieve this, you’ll need a workforce in control of the project, a SAM solution in place to oversee your software inheritance, and frequent internal audit findings to get a complete picture of your software assets utilization. 

This is especially true if your business has just undergone a merger or acquisition or if it is a large corporation with numerous branches. Such circumstances will make you prone to disorganization, which in turn raises the possibility of overlooking factors important for compliance.

  1. Stay Prepared

Inform your staff on the importance of software asset management, and prepare a defense plan in case a software inspection occurs. Even if a software audit is conducted, a quick assessment with a few fines will show the software provider that you are not an easy catch. Preparing includes having your licenses in order, appointing a specific person to oversee your company’s software audit, and having an audit defense strategy in place. Knowing what to do will ensure that every software audit of your company proceeds without incident and with the least amount of damage possible.

  1. Be aware of your Software Architecture

Establish an efficient asset life cycle, along with a streamlined procedure to purchase and retire software resources to keep a close check on them. Failure to do this can lead to the acquisition of numerous unnecessary licenses, which quietly drain the company’s IT budget. Keep track of what licenses you have and how many licenses you need so that you can stay compliant. Additionally, make sure that only authorized users have access to your organization’s software. Implement user controls and set up alerts so that you can immediately spot any unauthorized access or usage. 

Often, the majority of software audits search in the company’s Active Directory (AD) to assess compliance. A company’s AD contains all devices and accounts—not just those that are currently in use—that have ever used their software resources. There will be ex-employees in your Active Directory, along with devices that have been gathering dust in the company’s store, and the auditors will claim that each of these entities needs a license.

 

Conclusion 

Monitoring your software resources will cost much less than having them audited. In addition to achieving compliance, successfully managing your software and how they are used also ensure that your software resources are used to their full potential. You may delete shelfware and restructure your agreements to ensure that every software program you have is being successfully utilized. Efficient asset administration has no drawbacks because the added administrative costs will eventually result in equal cost reductions. By making sure all of your organization’s software is properly licensed and keeping track of who is using it and when, you can help your company avoid costly penalties associated with non-compliance.

Bring Your Own License (BYOL) Rules on Third-Party Cloud Providers

Bring Your Own License (BYOL) Rules on Third Party Cloud Providers

Software licensing is ridiculously confusing, and its hyper complexity is not slowing down anytime soon. This confusion can easily lead to overspending, which equates to more money in the software vendor’s pockets, taken at the expense of your company’s software budget. how does overspending occur? One key reason behind our client’s overspending stems from the complexity of Bring Your Own License rules (BYOL) on their third-party cloud providers. 

At MetrixData360, we have helped hundreds of companies save millions of dollars, in this article, we will clear the waters by showing you the steps you can take to mitigate any potential areas of overspending in your software licensing environment.

 

 

 

Rule Change 

Microsoft changed its rules as of 1st October 2019 around how Microsoft products are licensed in 3rd party hosting scenarios.  These changes primarily impact AWS, Google, and Alibaba clouds (although others are affected).  The concept of Bring Your Own Licenses (BYOL) is influenced significantly by these changes.  Before these changes, as long as you had hardware dedicated to your use (i.e., were not using shared infrastructure), you could BYOL now.  With these changes, you may be required to purchase subscription licenses for these products through the hoster (e.g., Windows Servers, Office).  Specific versions may still be licensed via BYOL if licenses were acquired for those products before October 2019 or on a contract still active as of October 2019. 

 

To understand these rights, you must review the Microsoft Product Terms.  Below are the relevant sections: 

 

 

  1. Customers may use the server software on a Licensed Server, provided it acquires sufficient Server Licenses as described below. 

 

A Licensed Server is: 

A Licensed Server means a single Server, dedicated to the Customer’s use, to which a License is assigned.  Dedicated Servers that are under the management or control of an entity other than the Customer or one of its Affiliates are subject to the Outsourcing Software Management clause.  For purposes of this definition, a hardware partition or blade is considered to be a separate Server. 

 

 

The Outsourcing Software Management clause states: 

Customers may install and use licensed copies of the software on Servers and other devices that are under the day-to-day management and control of Authorized Outsourcers, provided all such Servers and other devices are and remain fully dedicated to Customer’s use.  The customer is responsible for all of the obligations under its volume licensing agreement regardless of the physical location of the hardware upon which the software is used.  Except as expressly permitted here or elsewhere in these Product Terms, the Customer is not permitted to install or use licensed copies of the software on Servers and other devices that are under the management or control of a third party. 

 

Authorized Outsourcer means any third-party service provider that is not a Listed Provider and is not using Listed Provider as a Data Center Provider as part of the outsourcing service. 

 

AWS is a Listed Provider.  Next, we need to determine if we have a right to utilize software at the Listed Providers through Microsoft License Mobility through Software Assurance right: 

 

License Mobility through Software Assurance 

Under License Mobility Through Software Assurance (SA), Customer may move its licensed software to shared servers under any of its Licenses which are designated as having License Mobility for which it has SA, subject to the requirements below.  Products used for Self-Hosting may be used at the same time under License Mobility through SA rights, subject to the limitations of the Self-Hosting License Terms.  

 

Permitted Use: 

With License Mobility through SA, Customer may: 

      • Run its licensed software on shared servers;  
      • Access that software under access licenses and for which it has SA, and under its User and Device SLs that permit access to the Products;  
      • Manage its OSEs that it uses on shared servers; and/or  
      • Manage its OSEs that it uses on its servers using software that it runs on shared servers. 

 

Requirements: 

To use License Mobility through SA, the Customer must: 

      • Run its licensed software and manage its OSEs on shared servers under the terms of its volume licensing agreement;  
      • Deploy its Licenses only with Microsoft Azure Services or qualified License Mobility through Software Assurance Partner; and 
      • Complete and submit the License Mobility Validation form with each License Mobility through Software Assurance Partner who will run its licensed software on their shared servers. 

 

License Mobility allows for use on a shared server.  Products that have this right associated with them allow BYOL (as long as you have active Software Assurance).  Next, we need to see if a product has Server Mobility.  For Windows Server: 

 

4. Software Assurance 

 

Windows Server does not include License Mobility rights.  For Windows Server (or any product without License Mobility), this means BYOL is only available for versions that were released before October 2019 and for which licenses were acquired prior (or on active contracts as of October 2019) to October 2019 

 

 

Please refer to the current Product Terms to ensure this info is still accurate as Microsoft makes changes frequently to their licensing rules. 

 

Start Saving on Your Software Licensing

Being able to cut software licensing costs will mean money back into the IT department for smarter and more innovative investments. This can be done by tracking the life cycles of your assets through the successful deployment of an inventory tool (along with someone who can effectively read it), through having a clear understanding of usage during contract negotiations, carefully considering your migration to the Cloud, and by conducting internal audits to ensure compliance.

At Metrixdata360, we can help you cut down your costs to save you from unnecessary drains on your budget and potentially heavy audit penalties. Don’t put off saving money, get your free consultation today!

Licensing a Disaster Recovery Environment in Oracle

Nothing calls for disaster recovery (DR) more than 2020, which makes this the perfect time to consider disaster recovery environments.

However, when it comes to Oracle, it can be tricky to figure out what your contracts allow you to do when it comes to creating a proper DR environment for even the stickiest of situations.

The last thing you want is to run up against compliance issues with Oracle, who is known for their brutal software audits, especially in matters of disaster recovery. At MetrixData 360, we are experts in both managing our client’s compliance issues as they arise and proactively ensuring they never occur again.

Here’s what our Software Asset Management Experts have to say about how to properly license your DR environments.

What is a Disaster Recovery Environment?

Every business has mission-critical information they need to protect and keep accessible at all times. This is why every business should have some form of disaster recovery in place. Disaster recovery is a method of security planning with the goal of protecting that data from any significant negative events.

Common types of disaster scenarios are as follows:

  • Application Failure:

    Commonly seen as a result of hardware or software configuration. DR solutions around this scenario involve application backups or active-to-active failovers.
  • Network Failure:

    When you have a full or partial Cloud environment, losing connection to this environment could be the result of power outages or performance issues. DR solutions for this scenario involve strengthening the connection to the organization’s network or creating multiple access points to the network in order to create sufficient redundancies.
  • Data Center Failure:

    Often seen as a result of mass power outages or natural disasters, which results in the loss of connection to whole data centers or domains. Creating a DR solution for this event involves potentially deploying applications across multiple domains if you have them.
  • Region Fail:

    Most likely the result of the most severe disasters, when whole regions lose either power or connection of their network. To protect against this event, you can deploy your workload over multiple Oracle Cloud infrastructures in a variety of regions.

It is the IT department’s job to ensure that this protected data is constantly updated, maintained, and easy to access, so that the organization can continue to run as normally as possible under the circumstances. Although smaller industries may be hesitant to invest in funding for a situation that has yet to occur, it is usually better to be safe than sorry.

While Disaster Recovery as a whole involves many different working elements including a DR plan, personnel, actions for dealing with financial and legal issues etc., this blog post will only be focusing on how to license the Disaster Recovery environments that organizations have built.

How to License a Disaster Recovery Environment

Since your DR environment is only used when disaster strikes, your organization (hopefully) does not have to use it constantly, in which case it may feel like you don’t have to license the environment. However, to assess whether your DR environment needs to be licensed, consider the following:

  • Check Your License Agreement and the General Terms:

    All the rules that you need to adhere to can be found in your licensing agreement, or your Oracle Master Agreement (OMA) if you have one, and any other documents that the agreement refers to.   There may be versions of basic contracts online, but these might be out of date and may not accommodate for any unique licensing metric you may have. For instance, some companies have a licensing metric based on your company’s annual revenue or the number of employees that you have. If there is any language in the contract that is ambiguous, you should seek out clarification from your Oracle rep.
  • Remote Mirroring:

    With Remote Mirroring, your data is stored in an identical storage unit or shared disk array in a dispersed location through the use of solutions like Veritas Volume Replicator, EMC SRDF, Legato Relator, and EMS StorageEdge. In this instance, both the mirrored database and the unit its replicating will need the same licenses.
  • Standby:

    With Standby, copies of the primary database are maintained on standby servers, which are dispersed geographically and any changes or updates the primary server experiences is replicated in the standby databases. In this situation, both the standby and the primary databases need to be fully licensed using the same metric.
  • Backups:

    Backups refer to a copy of a physical database structure. In the event of the loss of the original data, the backup files will be used to reconstruct the lost information. This copy may include critical elements of the database’s physical structure like control and data files and redo logs and can be stored either on a server, a storage array, a disk drive etc. Oracle will allow you to keep these copies in a storage device without needing to purchase a license but when the disaster occurs, and the data is taken from storage and installed onto the recovery server, you’ll need a license.
  • Your Oracle Licenses Match:

    It’s important to make sure that your DR servers have the same licensing metric (Processor or Named User Plus) as the primary server that it is supporting. DRs and their primary servers must also have matching database options and packs. When it comes to this coordination, you’ll find that Oracle is particularly unyielding and so it is important that any mismatching licensing is addressed before you are confronted with it during an audit.

Situations Where Licensing Isn’t Required for Disaster Recovery

While typically Oracle requires you to license any and all environments where their software is present, there are a few exceptions to the rule.

  • Failovers:

    A failover is where a database that is running on a primary server can be moved to a secondary server in the event that the primary fails. Oracle will allow a database to be run on this unlicensed secondary server for 10 days.   This scenario is allowed when both the primary and the secondary servers exist within a single cluster and share a single disk array or storage device. In this scenario only the failover server is free and once the primary server has been repaired, the database is required to switch back to the primary server. It’s also important to note that Oracle does not equate one day to 24 hours scattered over a long period of time. If the failover server is active for an hour one day and two hours another day, that counts for two days. You are only allowed to have one free failover node per cluster for up to ten separate days even if you have multiple nodes configured as failovers. This scenario also does not apply to VMware environments. If you would like to license your failover environments, you’ll need matching licenses to the databases the failovers will be supporting.
  • Testing:

    Oracle’s customers are allowed to use tape and disk backups of databases for the purpose of recreating that database for the use of testing. You can run this duplicated database on an unlicensed server four times per year, with a time restriction of two days for each test, at which time the database must either be removed from the server or will be considered licensable in the eyes of Oracle.

Be Ready for Anything with Properly Licensed Disaster Recovery

It’s always better to be prepared, whether that is getting your software environment ready for a natural disaster or making sure your licenses are orderly in the event of a software audit from Oracle.

It would be a terrible situation to discover that the very thing that was supposed to be there to keep your business afloat could cost you a staggering amount in compliance gap thanks to under licensed servers.

At MetrixData 360, our goal is to ensure you only pay for what you need to and to fight for your best interests when you go up against Oracle. If you’d like to know more about what our services entail when it comes to your Oracle Licensing, you can check out our Contract Negotiation page for more information.

Getting Ready to Certify Your ULA

Oracle’s ULA: Ready to Leave or Willing to Stay?
Consequences of Both

When your company is in an Oracle Unlimited License Agreement (ULA), the deal is that you hand over a single up-front payment and you get access to the licenses for a select set of Oracle products. With the volatile market, you may be asking if you should certify your ULA, and what it takes to complete an Oracle ULA Certification?

Of those select products, you can order an unlimited number of licenses for a set period of time, either three years or five years. The only costs in between renewals are the maintenance fees, which are 25% of the cost of the license. There are many reasons an organization would find this set up appealing:

  • It provides predictability in terms of costs, giving organizations the opportunity to plan for that expense.
  • It’s ideal for heavy users of Oracle products.
  • It puts a wide variety of products on a single payment, making the process of purchasing licenses that much easier.
  • The risks of having your ULA audited are minor.
  • It is sometimes purchased for the preparation of a large, long term project to accommodate potential growth.

Despite these advantages, the ULA can also be restrictive or even a trap for your company. Organizations might get into a ULA with the best intentions and end up staying in one simply because it’s easier to renew than to leave.

There may come a point where the maintenance fees no longer make the ULA a suitable option and you think about getting out of the agreement.

What does this shift look like?

At MetrixData 360, we have been working through tricky licensing agreements with Oracle for many years and we want you to know what you can expect and how you can prepare.

Why Certify Your ULA?

COVID

Signing up for a three-year business plan is a great strategy for times of stability and predictability. However, COVID-19 mixed with its following recession and the threat of a second or third wave means that flexibility and the ability to roll with the punches will be a critical element to future business plans. This is something that the rigid structure of the ULA doesn’t provide.

Freedom

Freedom: Flexibility has become essential as our world is rocked by constant uncertainty but also when it comes to the constant shift of technology. The ULA is rather rigid in the products you can pick from, and if new products are released that would fit your organization better, you wouldn’t be able to simply add it to your ULA. When you are in your ULA, you will also experience pressure from Oracle towards products that don’t fit your needs but suit their agenda. ULA customers often experience pressure to move to Oracle’s Cloud products, for instance. You will also find that trying to negotiate the price and products of your ULA is particularly difficult. Getting out of the ULA, even temporarily, will give you the freedom to explore your alternatives.

Cut Potential Costs

Few businesses have gotten out of the pandemic unscathed and many people’s top priority is to pinch pennies for short term cash flow and avoid costs wherever possible. Extending your ULA can often be more costly than simply certifying out, especially when you take into account the fact that support costs can add up over time. This rising expense comes with no added value, Oracle is simply increasing the prices on products you may not even be using because they know you are chained to your chair. If you certify out now, you can also simply sign up for another ULA later when things are more stable.

ULA and Audit Risks

Staying with the ULA

Oracle hasn’t been faring very well during 2020, as their Q4 report for 2020 has revealed with its release in mid-June. It doesn’t help that May, which was traditionally Oracle’s most lucrative month, was also the worst month of the pandemic.

Oracle is currently faced with record low numbers and many customers are worried this will result in more audits. It certainly won’t result in fewer audits.

While the products within your ULA might be safe, the products that are not a part of your ULA will be targeted. Since you have a ULA, members of your organization could have easily gotten mixed up about which products are covered under the ULA and which are not, meaning that you may be targeted for unlicensed products thinking that they were safe under the ULA.

Certifying Your ULA

When it comes to their ULA users, Oracle tends to be rather lenient and leaves you to your own devices (pun intended). You’re left in charge of keeping track of your own licenses and Oracle rarely bothers to check up on you.

Many organizations, as a result, tend to lose track of their deployments. Employees will install Oracle products after having been granted little or no authorization, resulting in sprawl and shadow IT.

As a result, when you are certifying out of your ULA and it comes time to declare how many licenses you have, Oracle will suspect that your declared number is little more than a guess. After losing the ensured revenue from your ULA, Oracle will happily make up for the losses by checking the state of your sprawl for potential compliance gaps.

At the end of the audit, they might even propose you renew your ULA instead of paying for the compliance gap they find. In other words, once you certify out of your ULA, it’s safe to assume an audit will be coming your way in 6 to 18 months.

What Do You Need To Do Before You Certify Your ULA?

Before you get excited and drop the news on Oracle that you’re letting them go, you’ll need to make sure you have everything ready for your departure.

1. Plan Your Exit

It’s best that you start preparing for your exit well ahead of time, at least 12 months before your ULA is up for renewal. There’s nothing in your contract that says you can’t hand in your certification for your ULA much sooner than the expiration date, and the last thing you want to do is run past the due date and be forced to renew.

2. Understand How You Certify Out

The certification process itself is quite simple. You merely need to write a letter signed by a C-level executive of your company, complete with the number of licenses you are certifying, and it needs to be submitted within 30 days of your ULA’s expiration. Finding those numbers, on the other hand, will be easier said than done.

3. Tell Your Team You Are Certifying Out

Communication between departments is not always top priority in large organizations. It’s important you convey that you are getting out of Oracle’s ULA to any employees who might install Oracle products with the same carefree attitude they expressed while the ULA was still in place.

4. Take Inventory and Perform a Self Audit

This will be the quickest way to decide whether certifying out is the best thing for your business right now. It will keep you from having to guess your usage and exactly how much you’ll save by leaving your ULA.

A self-audit will also ensure that you are compliant with any contracts you have with Oracle, and that the licenses you will be declaring are accurate. Now is the time to chase after any unknown information in regard to sprawl or shadow IT that may have cropped up under your ULA.

This is important to do before you certify out in order to maintain control over the certification process.

Oracle may want to take the lead by offering to certify you and it’s important you don’t let them. This will give them control over a process that they didn’t want to happen in the first place, and they will take as long as they wish.

Get Control Over Your Software Spend

There’s no need to keep a toxic relationship going if all your partner does is take and take, and it’s the same with your Oracle ULA.

Perhaps at one point it served your company well but if the agreement has grown old and stale in your mouth then you should have the freedom to leave and explore your options, lest you be stuck paying for a ULA that is simply a waste of money.

At MetrixData 360, we have your back throughout every step of this process. We can help you conduct a self-audit to create an accurate depiction of your deployment and usage, we know how to talk to Oracle so that you don’t feel pressured throughout these seemingly one-sided negotiations. We will teach you how to keep your head above water in the event of an Oracle audit.

If you would like more information on how MetrixData 360 can help you through an Oracle ULA Certification, you can visit our Audit Defense page.

Oracle’s 2020 Q4 Report Is In, Does It Mean An Audit For You?

Oracle released their 2020 Q4 report and it may mean that there are Oracle Audits coming. Software audits can be a living nightmare if you find yourself unprepared, leaving the possibility for things to spiral out of control until the next thing you know you’re facing outlandishly large compliance gaps no idea how to prove them wrong. Oracle audits are no exception to this and many of their customers find themselves at a loss when confronted with one. While we have covered how to handle a general audit, there are a few things about Oracle audits that make them unique, which is what we’ll go over today. At, MetrixData 360, we have gone up against the biggest software companies in the software industry today and have empowered our clients with the knowledge they need to walk away from such audits with minimal damage to their IT budget.

Oracle’s Results Released for Q4

On June 16, 2020, Oracle released its Q4 report for their fiscal year and the results show case exactly how hard Oracle has been hit by the COVID-19 pandemic . The report showed four areas of Oracle’s business that were suffering. First, the Cloud services and licenses support, which saw only a 1% increase in revenue over the past year, which is a considerably weak increase since, historically, Oracle has seen a 4% increase in that same category. Their other main streams of revenue have declined with hardware seeing a 9% dip, services seeing an 11% dip, and cloud licenses and on-prem licenses seeing a staggering nosedive of 22%.

Those are 2008-recession levels of bad and it doesn’t help that Oracle’s traditionally highest grossing month is May, where they haul in almost 40% of their year’s total revenue. May was also the same month that saw the worst of the pandemic lock down, where the last thing on anyone’s mind was buying more software. Part of this may be just a COVID-19 blip, with Oracle having only to make it to the other side of this truly terrible year before they can see their usual numbers again. However, these numbers have many of Oracle’s customers sweating at what this might mean for Oracle audits.

From the Beginning: What Attracts an Oracle Audit, and How to Respond to Receiving One

With this news, there is a strong chance that there will be an increase in audits, and it’s suspected that these audits will be aimed towards small to medium size companies with lower investments in Oracle, while companies who have large investments in Oracle are not expected to feel any significant changes. But while there might not be any significant increase for these large companies when it comes to Oracle audits, there will certainly not be a decrease in them any time soon, so it’s important that you are prepared all the same. While some software companies have routine audits or send out audits at random, Oracle tends to be a bit more precise when it comes to who they audit.

Generally, you can expect an Oracle audit once every 3-4 years, unless your last audit was restricted to only a single Oracle product or area of your software environment, then you can expect to be audited more frequently. Your Oracle audit may have been brought on by any of the following factors occurring in the past 24 months at your organization:

  • You’ve gone through a merger or acquisition
  • You are still in possession of old or outdated Oracle software whose metrics are no longer used by Oracle
  • You’ve conducted a hardware environment refresh
  • Your organization has seen an organic growth of 10% or greater
  • You have trimmed back on Oracle products in any way such as cancelling or reducing support from Oracle
  • You have an Unlimited Licensing Agreement (ULA), since it is suspected that Oracle will be focusing its auditing efforts on either getting you to renew your ULA or switch to a perpetual ULA

When you receive either an Oracle License Review or an Oracle License Audit, don’t let the different names distract or tempt you to take the Review as less serious than the Audit. They are essentially the same in both process and stakes. The only real difference between the two is that ‘review’ is a friendly, less threatening term when compared to an audit.

LMS and Oracle Tools: Dealing with Both

Oracle Licensing Management Service (LMS) is the internal team from Oracle that you will likely be dealing with throughout your audit. Although it is possible for Oracle to outsource the project to their partners, and other departments of Oracle will perform audit-like services such as reviews, their internal audit team is the only department authorized to perform License Audits on behalf of Oracle.

When you interact with Oracle’s LMS, one consistent element that you’ll run into is that they will want you to run their own, Oracle approved, SAM tools to collect the data from your software environment. Your first goal in this audit is to make sure that your tools are used instead, an argument which we cover in length in our Software Audit Defense Procedure . While you are required to comply with the audit, nowhere in your contract does it require you to install their SAM tools. So long as you can prove that your own SAM tools can accurately retrieve the data that Oracle is asking for, then there is nothing wrong with using your own tools.

Who Foots the Bill? The Old Oracle vs. the New Post COVID Oracle

In the past, Oracle’s audits and their sales reps had the same goal: sales for the sake of sales. Sales reps got commission annually for every transaction, these numbers were usually 1% of the contract value, and if it was cloud services they were selling, that number rose to a tantalizing 5-10%. So, sales reps preferred cloud services and at the end of an audit, it was often the case that cloud services would come up when it was time for settlement. Oracle has essentially offered its audited customers get-out-of-jail free cards in exchange for the purchase of cloud services at a much smaller cost than your compliance gap, even if you didn’t need the cloud solution you are purchasing. All the sales rep really cared about was selling the services, it didn’t matter to them if you never used it again afterwards, since they got to walk away with that 5%-10% commission jingling in their pockets.

Now, however, Oracle has made a few changes to their sales rep models. They have significantly cut back on their staff numbers, and have put the vast majority of the remaining sales reps on the task of exclusively selling cloud services, and will only see that same level of compensation if their customers use the cloud services that were sold to them. This means that you will not see be seeing any cloud service deals at the end of your audit, you’ll just be expected to pay the compliance gap, which will be painfully more expensive than the previous alternative.

Now, however, Oracle has made a few changes to their sales rep models. They have significantly cut back on their staff numbers, and have put the vast majority of the remaining sales reps on the task of exclusively selling cloud services, and will only see that same level of compensation if their customers use the cloud services that were sold to them. This means that you will not see be seeing any cloud service deals at the end of your audit, you’ll just be expected to pay the compliance gap, which will be painfully more expensive than the previous alternative.

In addition to these costs, if you are found to be out of compliance by a significant degree, then you will be forced to cover the expenses for the entire software audit, including any expenses that Oracle racks up.

 

How Should I prepare?

Once you have received a software audit notice from Oracle, you will have about 45 days to respond. During that time, you need to get the following ready:

  • A Non-Disclosure Agreement: This will ensure that any information that you give to the auditors must remain between you and them unless they ask for your consent to send it to the rest of Oracle’s higher ups. This will allow you to remain in control of how Oracle perceives your organization and your compliance, both of which will become important when you enter into the negotiation and settlement phase of the audit.
  • A Single Point of Contact (SPC): You will need to make sure that you have a team to act as a single point of contact (ideally with legal, technical, and Oracle specialization) in place who will exclusively deal with communications with Oracle’s audit team. The auditors will only talk to the SPC and anything that is passed from your organization to the auditors will pass under the SPC’s eyes first. Anyone who is planning to be interviewed by Oracle will discuss with the SPC what they are planning on saying and how they should answer Oracle’s questions. This isn’t done for the sake of hiding anything from Oracle, but this will help to keep track of where you stand with Oracle and ensures your negotiation strategies remain uncompromising.
  • A Scope for the Audit: This is done so that, in the case that you are not so far out of compliance as Oracle originally thought, they do not keep looking through your software environment trying to find the profit they anticipated, also referred to as ‘scope creep’.

This needs to be laid out during the kick-off meeting and it’s important that you do not let the data collection phase begin without those three things in place.

Want to become an Expert a Handling Software Audits?

No one will claim software audits are easy or simple, and if they claim it’s anything other than a thinly veiled attempt to squeeze more money out of your company, then they’re kidding themselves. Oracle audits can be especially tricky, considering the sheer size of Oracle’s company and the vast amount of resources you’ll be going up against. It can feel like you’re outnumbered and out of your depth as you’re surrounded by sharks who do this for a living. Which is why you don’t have to go through this experience alone. At MetrixData 360, we have created a whole reservoir of resources in order to better equip you to face any software audit that comes your way. If you would like to download our free e-book on a step-by-step process on handling software audits, you can click the link below.

What to Expect from Oracle Contract Renewals

2020 has so far been quite the cruel mistress and, although software companies have been relatively spared when compared to other industries, that hasn’t stopped Oracle from being dealt a heavy blow, as detailed in their Q4 report for 2020. Traditionally, May has been Oracle’s most lucrative month, but this year it was a month of tight lockdowns and a sweeping pandemic, so things did not go well. Now, Oracle customers are wondering if now is the time to start negotiating an Oracle contract renewal. But Oracle is known for being one of the toughest software vendors to hash out a contract with, their arrangements may be unwavering regarding their software, databases, and middleware, but if you want that wonderful Oracle software, then you’re going to have to find some happy middle ground. At MetrixData 360, we have dealt with Oracle on many different occasions and we have seen what it takes to get the deals that our clients are looking for, so when you’re getting ready for your contract negotiation with Oracle, here are a few things that you can expect.

 

Expect Oracle to Take their Sweet Time

This may be a byproduct of Oracle’s sheer size, as each new request triggers a bureaucratic process, but that doesn’t stop this drawn out process from being frustrating at the best of times. If you are used to dealing with smaller software companies, it may seem like Oracle is dragging out their process unnecessarily. This will be especially true since Oracle has recently reshuffled its sales team structure. The old Oracle sale structure had their whole sales force focused on selling on-prem license and cloud services, with a 1% cut of the contract value of each transaction for on-prem licenses and 5%-10% on cloud service contracts.

 

However, their focus has now shifted to only 25% of the sales force working exclusively on on-prem licensing with no compensation for selling cloud services, and the rest being exclusively put on the task of selling cloud services. This means if you want to cut a deal with a sales rep for on-prem licenses, they might be extremely busy and overworked. Despite the pressure they might be under, make sure that you take the time necessary to understand your current and projected usage so that you can secure a deal that serves your best interest and ensures you don’t get swept up in the whirlwind of licensing jargon.

 

Cloud Services are No Longer a Get Out of Jail Free Card

 

In the old model of Oracle, cloud services would often come up at the end of audits in exchange for a lower overall cost when compared to the compliance gap. Even if you had no intention of using it, the sales reps were happy since it meant they got their 5%-10% cut. However, Oracle’s new sales model now has sales reps only receiving compensation for the transaction if the customer uses it. On the one hand, this means that you no longer have to spend money on a cloud solution that you were never planning on using in the first place, but offering to simply buy a cloud solution no longer makes the sales rep’s eyes sparkle with interest – not unless you’re going to back up your claim with the actual intent to use the products.

 

Exiting Your ULA will be Difficult at Best

 

If your contract negotiation involves redefining the terms of Oracle’s Unlimited License Agreement (ULA), then you might be facing an uphill battle. The ULA has often proved to be quite troublesome, as they are expected to be the target of Oracle’s new audit wave after the release of their 2020 Q4 report. It can also be the target of an audit if you’d like to exit out of your ULA, as one common surprise Oracle likes to give as a going away present when you’ve decided to leave your ULA is an audit of your scripts to compare it to your usage. If you are thinking about exiting your existing ULA, you may find yourself being pushed towards renewing it anyway for a variety of scenarios Perhaps you’ve mistakenly deployed Oracle software not covered by your ULA, or perhaps you have lost track of what has been deployed in your software environment and now have no idea what you would owe if you left your ULA . You may have also deployed your ULA software onto non-Oracle cloud platforms, like Azure or AWS, which will require you to purchase missing licenses.

 

Know Your Data Inside and Out

 

This is true of any negotiation, not just with an Oracle contract renewal. Having strong visibility into your data regarding your software spending and usage will give you the information you need to do more than just guesswork when it comes to your anticipated usage. Data will also give you the ability to plan, instead of simply buying for what you are currently using, you can purchase to accommodate for future growth. Oracle products are also known to be quite lenient – they will often allow you to install and use products without checking your licenses, expecting you to simply know what you are and are not licensed to use. Understanding the ways in which your company intends to or is currently using Oracle will allow you to pick out any changes in use that might occur over time, whether that is intentionally or (more alarmingly) unintentional usage. Knowing your data regarding Oracle will prevent any compliance issues that may arise, even if you are perfectly in control of your Oracle usage.

Take Control of your Oracle Contract Renewal </h2 class=”headline”> 2020 has been rough and it might be necessary to renegotiate your contracts to accommodate for this new normal. Knowing what to expect from a contract negotiation with Oracle will allow you to be better prepared. If you would like help in organizing your next software contract with Oracle, MetrixData 360 has helped successfully navigate our clients through Oracle contracts on many occasions and saved them millions of dollars. If you’d like to know more about how MetrixData 360 can help minimize your software expense while maximizing its value, you can read our new article on how to negotiate for layoffs and saving money during a pandemic.

IBM DB2 vs Oracle Database

With a constantly growing IT infrastructure, it is important to know how your company plans on managing data storage and data management. At MetrixData 360, our customers are taking an interest in IBM’s DB2 and Oracle’s Database, although there seems to be a bit of confusion about which one is right for their system. While we are unaffiliated to any software vendor, we aim to empower our customers to make smarter IT spending decisions for their business and so today, we’d like to go over what IBM DB2 and Oracle Database are and some things to consider before signing any contracts around either.

IBM DB2 Databases

IBM DB2 is a collection of relational database management systems (RDBMS). First commercially released in 1983, DB2 offers its clients a means to manage their structured and unstructured data that is stored both on-prem and in the Cloud. These hybrid data management products are powered by AI capabilities to create an efficient means of providing data insights while being both flexible and scalable. It is one of the three most popular databases available in the market today, alongside Microsoft SQL Servers and Oracle’s Database.

Features of DB2

The reviews for this product rank it highly for its ability to work with substantial amounts of data without reducing its performance by any means. Clients also report receiving very little downtime from the product. IBM’s DB2 is praised for its stability, customers reporting that both its hardware and software have proven reliable. DB2 is also proven to have excellent storage capabilities, and claims to be especially SQL server compatible, so if you have experience with similar products, you won’t be starting from square one.

Disadvantages of DB2

Reviews on Gartner from IBM’s clients reveal that the setup of DB2 can be quite laborious and there is a risk that queries would produce the wrong results if the DB2 fails to interact correctly with other products. There is also a learning curve to be found with DB2 and it requires a skilled team for the product to reach its full potential. The tools for queries have also been reported to be a bit lacking.

What is the Future of DB2

In June of 2019, IBM released DB2 11.5, which is praised for its AI capabilities. This new database is powered by and run by AI. The benefits of this can be found in the database’s high-speed queries, and its ability to handle natural language querying, which are styled after search engines and can provide a similar user experience.

Can IBM DB2 be Taken to the Cloud?

IBM does offer a Cloud solution, IBM DB2 on Cloud, which presents tempting features like quick and easy installation, compatibility with Oracle’s database, and even a free tier available if you’d like to try it out – though we always advise caution around free software and exposure to shadow IT. Although reviews have claimed that it lacks the regional options of larger Cloud platforms, so it is always best to check the availability of IBM Cloud capabilities in your particular region, as it could easily influence its overall performance and your user experience.

Oracle Database

Another popular option that many businesses are opting into is the highly reputable Oracle Database. Oracle Database appeared in 1979 with Oracle v2 being marked as the first commercially available SQL-based RDBMS.

Features of Oracle Database

Oracle comes with many wonderful features, such as their high quality support, scalability, and the ability to track sophisticated architecture. It has also been reported to be extremely reliable, with very little down time and applying new instances to Oracle can be relatively painless.

Disadvantages of Oracle Database

Some of the disadvantages of having Oracle as your database is, according to reviews on Gartner, that the system needs an experienced administrator at the helm in order to properly manage it. The product is also very expensive, with the tool proving out of reach for most start-up businesses on a budget.

The Future of Oracle Database

Oracle has been tentatively looking into things like having algorithms embedded directly into microprocessors and integrating big data storage with the data their customers have already accumulated when installing Oracle Database. Oracle’s database also wishes to make its product able to more easily integrate with other products like SQL Server and JSON.

Can Oracle Database be Taken to the Cloud?

Oracle can be taken to the Cloud thanks to Oracle Cloud for Database Management, which offers a variety of features including the ability to easily implement it, easily creating backups and restore processes and easy patching. One of the main appeals of Oracle Database, according to Oracle’s own website, can be found in in the fact that you can move to the Cloud seamlessly, using the same technology that you had on-prem and claiming to have zero downtime during the transition (although reviews have tracked the installation time to anywhere between 2.5-3.5 hours). The product has also been praised in Gartner Reviews for being able to handle a large workload (one review even claims to run a million daily transactions through Oracle). Although, more critical reviews have said that the auto-extend data storage needs to be improved, and the DB monitor alerts are not exactly effective.

Which Works Best for You?

At MetrixData 360, we want you to make as an informed decision as possible about your next purchase with IBM or Oracle as both have reputations of frequently auditing their customers’ compliance with their difficult to read contracts. It is important that you get a fair deal that best suits your business’s unique software profile. At MetrixData 360, we have saved our clients millions of dollars through successful contract negotiations with IBM, Oracle, Microsoft, and Adobe, just to list a few of the vendors that we have handled in the past. Get the Software Contract Negotiation Experts on your team and save big on your next software contract.

The Invisible Risk of Oracle VirtualBox

Is there a way a free piece of software downloaded off the Internet can cost your company potentially huge auditing fines? Oracle VirtualBox is one such seemingly benign application that can prove a major liability for your company.  Oracle VirtualBox acts as the coordinator of virtual machines from multiple operating systems and can improve the performance of guest virtual machines. It is a free piece of Open Source software for anyone to download. At MetrixData 360, we have seen that Oracle is actually targeting companies with VirtualBox installed on their company desktops and in this article, we’re going to discuss why that is and what it could mean for your company.

A Quick Definition of ‘Copyleft’

In the software licensing world, there are two definitions of ‘free’. There is the regular definition of the word free, where you don’t have to pay for anything. Then there is open source software, which is also described as ‘free software’ or ‘Copyleft licensing’, a term which can be applied to VirtualBox’s General Public License version 2 (GPLv2). Open source means that you may or may not be asked to pay for the software, but once you have the software, you can crack it open and tinker with the source code. You’re allowed to learn from it, improve upon it, and you can even pull out pieces you like and use the code to make other things. It’s great for hobbyists who want to develop their coding skills, especially since doing this same thing to regular copyrighted software would send them straight into a copyright infringement lawsuit.

The only real rule when playing around with open source software is that you can’t make money off of the software codes, and if you give the software to someone else, then you have to allow them access to the source codes as well. For example, if I made a game out of open source code, I could share it with my friends or post it online for people to play so long as I supplied them with the open source library I used to make it and offered the game for free. While this can be great for some, things have the tendency to enter the grey area quickly when open source code enters the corporate realm. Even if you aren’t directly selling anything with open source codes, what technically constitutes as ‘making money’ from the software? That’s where things get sticky.

Problems with VirtualBox

VirtualBox is free in every sense of the word; you don’t have to pay for it, and you can play around with the code as much as you like, so what is the issue? Sadly, there are many issues that arise when your business decides to get VirtualBox.

VirtualBox’s Extension Pack

VirtualBox is broken down into three parts. The Basic Package, the Extension Pack, and the Guest Additions. The Basic Package and the Guest Additions are free, however, the Extension Pack that you can install just as easily to go with VirtualBox is distinctly not free. The Extension Pack is what you need to buy a license for.

Why Get The Extension Pack?

The Extension Pack is enticing for many reasons. Namely, it improves the performance of the VirtualBox and while the VirtualBox alone only supports USB 1.1 devices, the Extension Pack Supports USB 2.0 and 3.0 devices. If you have an issue with VirtualBox and you don’t have the Extension Pack, then you can consult the VirtualBox Community. This is basically a reddit-like board consisting of a collection of software enthusiasts who may just have the solution to the problem you’re facing. However, if you get the Extension Pack, then you are eligible for support, updates, and maintenance from Oracle.

Can the Extension Pack be Redistributed?

Unlike the rest of VirtualBox, the Extension Pack is subject to the Personal Use and Evaluation License (PUEL), which means that you can download the Extension Pack onto a single host computer for non-commercial purposes, which a company distinctly doesn’t fall under. Unlike with the GPLv2, which allows for redistribution, you can’t redistribute the Extension Pack without a special license from Oracle.

How Much Does the Extension Pack Cost?

The Extension Pack has two pricing models that you can pick between, as seen below and published on Oracle’s website:

Oracle VirtualBox Pricing Chart

It is important to note that if you chose to use the socket pricing model (a socket is what hosts a chip, which contains a collection of one or multiple cores), then you will need a license for all the hosts within a vCenter, which could expand throughout multiple data centers. This means that anything the VirtualBox touches needs to be licensed. In addition, any environments like Test/Development servers that interact with VirtualBox also need to be licensed. Failure to attend to these issues could easily translate to owing Oracle hundreds of thousands of dollars in required licenses, depending on the size of your infrastructure.

 

Shadow IT

Does your company have VirtualBox installed on its desktops? If you have a discovery tool in place as a part of your Software Asset Management process, that’s probably where your thoughts are turning if you want to find the answer. However, at MetrixData 360, we are repeatedly finding that discovery tools that are available today are unable to detect the presence of VirtualBox on a device. Without that visibility, the only options you possess for monitoring the usage of VirtualBox is either checking the desktops manually (a gruelling process which leaves a very likely threat of human error), or we have suggested to many clients, simply put a company-wide block on the webpage where you can download VirtualBox.

 

The Foot in the Door for a Software Audit

While the presence of VirtualBox may be a blind spot to you, it certainly isn’t for Oracle. They are notified of every installation of VirtualBox and will be able to know which desktops in your company have VirtualBox. Even if your company is out of compliance when it comes to VirtualBox’s Extension Pack, your penalty may be somewhere shy of USD $1,000, which amounts to pennies for larger corporations. Since the fine is so small, it may lead companies to brush it off, but this small fine could easily lead to a bigger problem. Catching Oracle’s attention by being out of compliance with VirtualBox has resulted in many companies receiving a larger software audits from Oracle since they now have evidence to suggest the company’s software environment is not as organized as it ought to be. It’s best to tackle this small problem before it grows into a larger one.

 

So, How Do You Check Your Environment for VirtualBox?

If at this point you are wondering how exactly you figure out who already has VirtualBox on their desktops within your company, you can use the following instructions to manually check if a desktop has the Extension Pack.

Check Environment for Virtualbox

 

For More Information About Oracle VirtualBox

We have found that incidents of shadow IT within an organization are an unfortunately common occurrence that can create security problems, costly app sprawls, and as we saw in the case of VirtualBox, compliance issues. In order to avoid this, it is important to implement a strong software asset management process that can regulate the installation of software. If you would like to know more about the general benefits of software asset management, you can check out our article, Software Asset Management: Its Importance, Purpose, and How it Saves Money.

Book a Meeting with an Oracle Licensing Expert

Find out if our services are right for your company. Book a half hour meeting with our team and find out if MetrixData 360 is the right fit for your organization.

Microsoft, Oracle, IBM, and Adobe Software Audits at a Glance

The Top Four Software Vendors Sending Out Software Audits

It is likely that your software budget is shrinking yet your software vendors are looking for you to spend more money with them every year. When software companies can’t get the revenue they expect from you, they will often turn to software audits as a way to make up the difference. Software audits are many things: stressful, frustrating, leave you thinking that living in a cave, herding goats might have been an easier career path. But for the software publishers’ audits are quite profitable, and they have come to exploit this as a way to make their annual revenue growth targets.

Gartner has said that there is a 60% or greater chance that enterprises will be audited by at least one software publisher in any given year. The best way for you to handle the rising tide of software audit requests is by knowing your software environment and performing routine health checks to uncover areas of exposure. We cover the top areas where a company is exposed to in a software audit in our article Software Audit Preparation: What You Need to Know.

The Biggest Companies Performing Software Audits Are:

  • Microsoft
  • IBM
  • Oracle
  • Adobe

At MetrixData360, we have extensive experience working with all of these vendors, and we know how to handle an audit from each. In this post we’ll discuss some of the things you need to know about each of the software vendors and how to handle them during a software audit.

Microsoft Audit

Microsoft often claims that their audits are simple, short, and painless. In our eight years of defending companies during their software audits, we’ve yet to see a Microsoft audit that has matched this description.

Instead, we have seen audits that take almost 18 months to finalize as customers try to dig through rising mountains of data that are required as part of a Microsoft Audit (or SAM Engagement). Here are just a few tips for dealing with a Microsoft software audit:

    • SAM Audit or Review?

From our experience, Microsoft can either offer you SAM reviews or audits. SAM reviews are technically optional but refusing will likely result in getting audited. For a full breakdown of the difference between a Software Audit and a SAM review, visit our post Software Asset Management (SAM) Review vs Audit: What’s the Difference?

    • Respond to Your Vendor

We are often asked if you need to respond to an audit or a SAM letter. The short answer is yes, it is highly advisable that you respond to both. Not responding to a software audit, can find you in breach of your contract and leave you facing potential legal ramifications and hefty fines up to $100,000 USD. Although you could technically refuse a SAM Engagement, you could also find yourself running the risk of being in breach of your contract.

It has been our experience that refusing a SAM review will often result in Microsoft responding by sending you a full audit that you can’t refuse. Therefore, it would be more beneficial for you and your company to negotiate with Microsoft to perform a self-assessment as opposed to having a Microsoft partner perform the audit. A SAM engagement will be nearly identical to an audit after the data collection stage has begun and you will struggle to see the difference between the two processes until the negotiation stage has been reached.

    • Software Reviews vs Software Audits

The real difference between a SAM review and an audit can be seen when examining the penalties of each and how they are resolved. In a SAM review, you will be allowed to purchase your missing licenses at your contracted prices or at your historically discounted rate. In an audit, on the other hand, Microsoft has the right to charge any shortfalls at List Price in addition to a 5% penalty, although this may vary depending on your contract.

    • Paying For An Audit

Another difference between a SAM review and full audit appears when asking who will pay for the whole process. Microsoft will pay for the cost of the SAM engagement themselves whereas in an audit if you are found to be greater than 5% out of compliance you will be responsible for paying for the audit yourself in addition to any penalties you are incurred during the audit.

IBM Audit

IBM audits can be especially tough, since many of their license metrics require you to accurately have installed their ILMT tool in order to effectively capture your estimated license position (we have found that the majority of IBM’s customers have not done this correctly). Here are some things to consider that can help in the case of an IBM audit:

    • True Up Costs

Once your software audit has concluded, IBM will often let you settle at your discounted price with an additional fee for the maintenance that was used for the upkeep of the product when it was unlicensed.

    • Watch For Licensing Changes

IBM is also prone to make licensing changes which can apply to a wide range of their products in the wake of acquiring a new software company to their profile or releasing new versions of their software. When these events occur, be sure to look at your licenses with IBM to check for relevant updates.

    • Properly Set Up and Use ILMT

Our CEO Mike Austin says that you need to understand ILMT and how it works to effectively manage most IBM Software Audits.
According to Mike, “IBM isn’t typically auditing their Passport Advantage program, they are going after the complexity of sub-capacity and PVU based licensing. In order to pass an audit if you are licensing at sub-capacity, you need to have ILMT up and running. You will also need a have a history of reports. Installing and configuring ILMT is tricky and not many companies have done it correctly. In a lot of our work around IBM Audits, we are fixing ILMT reporting before we even start the work of defending an audit.”

    • ILMT Does Not Hold All The Answers

However, installing ILMT doesn’t mean you are 100% safe from IBM’s audits, you can still be found out of compliance.

    • Avoid Scope Creep

Our IBM Audit teams says to make sure you define the audit scope, as IBM is quite notorious for scope creep. You will want to ensure you know which products and contracts are included (and excluded) from the audit.

    • Put The Onus On IBM

You need to get an agreement with IBM (not the reseller- they can’t promise this) stating that IBM will take on the responsibilities to ensure that the product being deployed is correctly licensed. If they fail to then deploy ILMT after such a deal has been reached, then it might be possible to get a concession during an audit.

    • Defend Yourself With Data

Even if IBM doesn’t take responsibility for the licensing of deployed software, you might have a case to circumnavigate adverse findings that can come up due to ILMT’s failures, if you can collect historical system-generated reports that demonstrate the following things:

1) the processor resources that were allotted to the VMs running the PVU-licensed products have been or are capped and are not subject to any automated augmentations-based on system demands and

2) the historical usage of these products never exceeded licensed levels. However, this data has proved difficult for companies to obtain in the past.

Oracle Audit

From our observations, Oracle Audits incur the largest compliance findings typically. We’ve dealt with Oracle many times in the past, and here are some things you should know about how Oracle conducts their audit.

    • Only Pay For What You Use

According to the ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, for Oracle, the installation of software and the licensing of that software are two different events, with the exception of Database Enterprise Editions, so be careful when initially deploying software as it will likely be the cause of issue during an audit. For example, Oracle optional features, such as RAC, get turned on by default when installing databases, these options may only be licensable if you actually use them, not if you have them installed. This is a subtle difference, but it can have a profound impact and it is an area that is often found as being licensable by LMS. However, we have often found that it can be negotiated out with usage data.

    • Oracle Software Review vs Oracle Software Audit

Oracle has Oracle License reviews and Oracle License audits. These are the exact same thing – “review” just sounds friendlier. Both should be treated with the same level of severity.

    • Understand Your Contract

According to Scott & Scott, LLP’s article, Seven Lessons I Learned Representing Clients in Oracle Audits, take extra care to understand Oracle’s policies around usage. Since many of Oracle’s policies will not be included in the license’s documents, there tends to be a lot of confusion generated around this topic. Some areas that produce the largest findings in an Oracle Audit are VMWare and Oracle’s policy stating that all Processors in a cluster must be licensed. This policy has caught many organizations off guard and is the crux of the major lawsuit between Oracle and Mars Corporation.

    • More Gaps Cost More Money

As with Microsoft, if you are found out of compliance on a Oracle Audit you will have to cover the expense for the audit.

    • Use Your Own Tools

Our Oracle Audit Experts state that you are not required to use Oracle’s scripts to collect your data, especially if you have your own methods in place for gathering your data. LMS will try very hard to get you to use their scripts. We recommend, however, that you use your own processes first, if possible.

    • Tools Are Only As Good As The People Using Them

ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, states that Oracle has several approved SAM tools like Lime Software, Easyteam, BDNA, Hewlett-Packard, Flexera Software, Nova Ratio, and iQuate. However, these tools only collect raw data and won’t provide you with the interpretation of that data which will tell you what you need to license. Therefore, just because you have Oracle-approved tools, it doesn’t mean you’re completely safe in an Oracle audit.

    • Get A Paper Trail

In all audits, but especially ones with Oracle, it is highly recommended that you get a closing statement to close out the audit (indemnification is the most ideal). This is especially important with Oracle, as they are a very litigious vendor. You will be happy that you have a closing statement in case the audit ever goes to court and your company’s reputation is suddenly on the line.

Adobe Audit

Compared to the other heavy hitters, Adobe’s software audits can seem like little more than a friendly reminder. However, Adobe’s products can be quite expensive, so it’s important not to let this vendor slip from your mind. Here are some tips about Adobe licensing:

    • Friendlier, But Not Friendly

According to a study released by Gartner in 2016 and presented in their article What Does an End to Adobe Auditing and License Compliance Activity Really Mean?, Adobe has steadily moved away from auditing their customers, focusing instead on their Software as a Service platform and subscription-based licensing. That does not mean your company no longer has to deal with compliancy risks from Adobe, as Adobe still maintains the right to verify compliancy, giving their customers 30 days to provide data to ensure proper usage.

    • Buy What You Need, Not What You Want

The Gartner article also states that with a focus on SaaS and the subscription-based nature of Adobe, along with the lack of an “off-switch” for Adobe products, the main focus of Software Asset Management when it comes to Adobe should be proper sizing and monitoring usage.

    • For Adobe, It’s The Little Things That Count

According to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe monitors their customers differently from other vendors. Where Microsoft, Oracle, and IBM are interested in unlicensed software, Adobe is more interested in the protection of their intellectual property and making sure their product is used correctly. Are you correctly licensing any fonts with Adobe? These small questions can accumulate if they are not properly answered.

    • Adobe Does It Themselves

TechRepublic’s article also states that Adobe performs their own compliance verification review as opposed to hiring a third-party auditor, which can either be good or bad depending how far out of compliance you are.

    • Watch For Creative Suite License Changes

One best practice we advise our client’s to adhere to when dealing with Adobe says that you will have to pay particular attention to Creative Suite, as it is prone to change almost every year and these constant updates make it difficult to keep track of products. It will often leave programs as obsolete and the licensing for it makes it difficult to understand what is truly needed.

    • Upgrade Licenses Can Downgrade Your Compliance

Finally, according to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe also has no program in place to account for upgrades. Upgrade licenses, therefore, can sometimes stretch back several years – so, keep track of how far back these licenses go and be sure not to leave yourself over-confident (don’t forget that sometimes you can only go back three versions – so tracking that can also be very difficult).

How MetrixData360 Can Help

Software audits have been known to put a strain on any company’s software budget, so knowing about the software vendors that tend to resort to such methods will leave you with a better knowledge of what to expect. At MetrixData360, we believe that you should not have to pay the software vendors more than what you owe them, so it’s important to invest in software asset management long before you’re confronted with a software audit. By clicking the button below, you will be taken to our audit services page, where you can learn more about how we can help you survive a software audit.

Oracle Java Licensing Changes

Java Licensing Update

Did you know Oracle changed the rules on Java licensing earlier this year and that, as a result of this change, many companies may be exposed to an audit by Oracle?   That’s the what all the experts are out there claiming, that you may have 100’s of thousands if not millions of dollars in exposure to unlicensed Java use based on these changes.

Before I get into the 5 Simple tricks to perform a Java Audit, let me tell you… based on experience from the Java Audits that MetrixData 360 have conducted to-date, this doomsday financial ticking time bomb is neither accurate nor true.  Yes, you could potentially owe a million dollars, but our average findings indicate that the amount of unlicensed Java our clients had exposure on was typically less than $50,000.   You can breathe a little easier now!

So why are these Oracle License and Audit experts saying you could owe millions?  The reason is simple. These “experts” are lacking important information to make these claims.  I might go even as far to say, many of them don’t have the expertise to even advise you on what level of licensing you require.  They are making these claims because traditional Oracle licensing is complicated and confusing.  The environments that Oracle run in are large, diverse and expansive.  And I agree with those statements.  A traditional Oracle audit is expensive and complicated.

Oracle Java however, is deployed primarily in your desktop environment.  Most Oracle Licensing and Audit experts don’t have experience with desktop environments….  And yes, I do know that Java can be installed in server environments.  But quite honestly?  An Oracle Java Audit is more like a Microsoft Office audit (on both desktops and servers) than it is like an Oracle Server Audit.

5 Tips for Navigating An Oracle Audit

So let me now tell you the 5 incredibly simple things you need capture to conduct a successful (for you) Java Licensing Audit and determine just how much (or should I say how little?) you may owe Oracle today.

#1 – Understand Your Oracle Deployments

Visualizing and validating your deployment data is one of the most important components to understanding your license position.  Unfortunately, capturing this data accurately is arguably one of the most frustrating things you can go through.  With multiple data sources, rows and rows of data that needs to be stitched together and IT departments that are unaware of all the data that is required – this process is an exercise in frustration for every client we’ve ever worked with.

That’s why MetrixData 360 developed a tool to do it for you!  A great way to understand your deployment data is to utilize a simple data visualization and inventory normalization tool.  Let me introduce you to our custom-developed tool – SAM Compass.  This tool works with your inventory tools (SCCM, Altris, LanDesk etc.) to easily (and accurately!) bring together the data you need in a simple, workable, format; so, you can easily apply software licenses to your deployment in the most optimal manner.

#2 – Determine What is Licensable Today and What is Not!

The key to keeping your costs down is understanding not all of Java is licensable today (or maybe ever).  When it comes to your deployment data, you need a normalized list of Software that is Auditable today.  While this may be easier said than done, our SAM Compass tool has been developed to make this easier.

#3 – Understand Where Java is Bundled (Typically in Server product)

Java is included for free as a restricted use product with many applications.  Weblogic, PeopleSoft, SAP and IBM all have Java bundled into their products that may not require a license.

#4 – Review Your Use of Oracle Java on your Desktops

Many times, Java was included on the desktop for browser applications.  You need to review your use of these products and determine if you need to continue.  You will also want to look at other options (that are still free) such as OpenJDK, as a replacement.

#5 – Hire Java Licensing Experts

If you’ve spent any time trying to understand all the nuances of Java licensing, you know how complicated it is.  Just do a pull of Oracle Java Titles and try and figure out which ones require a license today vs. which ones don’t.  It’s very confusing.  There are experts out there that can help you (cost effectively) determine your compliance position (and provide you with valid recommendations for the future).  MetrixData 360’s SAM Compass tool and our team of experts can save you a lot of time, money and frustration.

If you’d like more information on Java Licensing – download our FAQ document or send us an email at: info@metrixdat360.com to book a demo of our SAM Compass tool for Oracle Java Assessments.

This presentation contains images that were used under a Creative Commons License. Click here to see the full list of images and attributions:

https://link.attribute.to/cc/326139