Oracle’s 2020 Q4 Report Is In, Does It Mean An Audit For You?

Oracle released their 2020 Q4 report and it may mean that there are Oracle Audits coming. Software audits can be a living nightmare if you find yourself unprepared, leaving the possibility for things to spiral out of control until the next thing you know you’re facing outlandishly large compliance gaps no idea how to prove them wrong. Oracle audits are no exception to this and many of their customers find themselves at a loss when confronted with one. While we have covered how to handle a general audit, there are a few things about Oracle audits that make them unique, which is what we’ll go over today. At, MetrixData 360, we have gone up against the biggest software companies in the software industry today and have empowered our clients with the knowledge they need to walk away from such audits with minimal damage to their IT budget.

Oracle’s Results Released for Q4

On June 16, 2020, Oracle released its Q4 report for their fiscal year and the results show case exactly how hard Oracle has been hit by the COVID-19 pandemic . The report showed four areas of Oracle’s business that were suffering. First, the Cloud services and licenses support, which saw only a 1% increase in revenue over the past year, which is a considerably weak increase since, historically, Oracle has seen a 4% increase in that same category. Their other main streams of revenue have declined with hardware seeing a 9% dip, services seeing an 11% dip, and cloud licenses and on-prem licenses seeing a staggering nosedive of 22%.

Those are 2008-recession levels of bad and it doesn’t help that Oracle’s traditionally highest grossing month is May, where they haul in almost 40% of their year’s total revenue. May was also the same month that saw the worst of the pandemic lock down, where the last thing on anyone’s mind was buying more software. Part of this may be just a COVID-19 blip, with Oracle having only to make it to the other side of this truly terrible year before they can see their usual numbers again. However, these numbers have many of Oracle’s customers sweating at what this might mean for Oracle audits.

From the Beginning: What Attracts an Oracle Audit, and How to Respond to Receiving One

With this news, there is a strong chance that there will be an increase in audits, and it’s suspected that these audits will be aimed towards small to medium size companies with lower investments in Oracle, while companies who have large investments in Oracle are not expected to feel any significant changes. But while there might not be any significant increase for these large companies when it comes to Oracle audits, there will certainly not be a decrease in them any time soon, so it’s important that you are prepared all the same. While some software companies have routine audits or send out audits at random, Oracle tends to be a bit more precise when it comes to who they audit.

Generally, you can expect an Oracle audit once every 3-4 years, unless your last audit was restricted to only a single Oracle product or area of your software environment, then you can expect to be audited more frequently. Your Oracle audit may have been brought on by any of the following factors occurring in the past 24 months at your organization:

  • You’ve gone through a merger or acquisition
  • You are still in possession of old or outdated Oracle software whose metrics are no longer used by Oracle
  • You’ve conducted a hardware environment refresh
  • Your organization has seen an organic growth of 10% or greater
  • You have trimmed back on Oracle products in any way such as cancelling or reducing support from Oracle
  • You have an Unlimited Licensing Agreement (ULA), since it is suspected that Oracle will be focusing its auditing efforts on either getting you to renew your ULA or switch to a perpetual ULA

When you receive either an Oracle License Review or an Oracle License Audit, don’t let the different names distract or tempt you to take the Review as less serious than the Audit. They are essentially the same in both process and stakes. The only real difference between the two is that ‘review’ is a friendly, less threatening term when compared to an audit.

LMS and Oracle Tools: Dealing with Both

Oracle Licensing Management Service (LMS) is the internal team from Oracle that you will likely be dealing with throughout your audit. Although it is possible for Oracle to outsource the project to their partners, and other departments of Oracle will perform audit-like services such as reviews, their internal audit team is the only department authorized to perform License Audits on behalf of Oracle.

When you interact with Oracle’s LMS, one consistent element that you’ll run into is that they will want you to run their own, Oracle approved, SAM tools to collect the data from your software environment. Your first goal in this audit is to make sure that your tools are used instead, an argument which we cover in length in our Software Audit Defense Procedure . While you are required to comply with the audit, nowhere in your contract does it require you to install their SAM tools. So long as you can prove that your own SAM tools can accurately retrieve the data that Oracle is asking for, then there is nothing wrong with using your own tools.

Who Foots the Bill? The Old Oracle vs. the New Post COVID Oracle

In the past, Oracle’s audits and their sales reps had the same goal: sales for the sake of sales. Sales reps got commission annually for every transaction, these numbers were usually 1% of the contract value, and if it was cloud services they were selling, that number rose to a tantalizing 5-10%. So, sales reps preferred cloud services and at the end of an audit, it was often the case that cloud services would come up when it was time for settlement. Oracle has essentially offered its audited customers get-out-of-jail free cards in exchange for the purchase of cloud services at a much smaller cost than your compliance gap, even if you didn’t need the cloud solution you are purchasing. All the sales rep really cared about was selling the services, it didn’t matter to them if you never used it again afterwards, since they got to walk away with that 5%-10% commission jingling in their pockets.

Now, however, Oracle has made a few changes to their sales rep models. They have significantly cut back on their staff numbers, and have put the vast majority of the remaining sales reps on the task of exclusively selling cloud services, and will only see that same level of compensation if their customers use the cloud services that were sold to them. This means that you will not see be seeing any cloud service deals at the end of your audit, you’ll just be expected to pay the compliance gap, which will be painfully more expensive than the previous alternative.

Now, however, Oracle has made a few changes to their sales rep models. They have significantly cut back on their staff numbers, and have put the vast majority of the remaining sales reps on the task of exclusively selling cloud services, and will only see that same level of compensation if their customers use the cloud services that were sold to them. This means that you will not see be seeing any cloud service deals at the end of your audit, you’ll just be expected to pay the compliance gap, which will be painfully more expensive than the previous alternative.

In addition to these costs, if you are found to be out of compliance by a significant degree, then you will be forced to cover the expenses for the entire software audit, including any expenses that Oracle racks up.

 

How Should I prepare?

Once you have received a software audit notice from Oracle, you will have about 45 days to respond. During that time, you need to get the following ready:

  • A Non-Disclosure Agreement: This will ensure that any information that you give to the auditors must remain between you and them unless they ask for your consent to send it to the rest of Oracle’s higher ups. This will allow you to remain in control of how Oracle perceives your organization and your compliance, both of which will become important when you enter into the negotiation and settlement phase of the audit.
  • A Single Point of Contact (SPC): You will need to make sure that you have a team to act as a single point of contact (ideally with legal, technical, and Oracle specialization) in place who will exclusively deal with communications with Oracle’s audit team. The auditors will only talk to the SPC and anything that is passed from your organization to the auditors will pass under the SPC’s eyes first. Anyone who is planning to be interviewed by Oracle will discuss with the SPC what they are planning on saying and how they should answer Oracle’s questions. This isn’t done for the sake of hiding anything from Oracle, but this will help to keep track of where you stand with Oracle and ensures your negotiation strategies remain uncompromising.
  • A Scope for the Audit: This is done so that, in the case that you are not so far out of compliance as Oracle originally thought, they do not keep looking through your software environment trying to find the profit they anticipated, also referred to as ‘scope creep’.

This needs to be laid out during the kick-off meeting and it’s important that you do not let the data collection phase begin without those three things in place.

Want to become an Expert a Handling Software Audits?

No one will claim software audits are easy or simple, and if they claim it’s anything other than a thinly veiled attempt to squeeze more money out of your company, then they’re kidding themselves. Oracle audits can be especially tricky, considering the sheer size of Oracle’s company and the vast amount of resources you’ll be going up against. It can feel like you’re outnumbered and out of your depth as you’re surrounded by sharks who do this for a living. Which is why you don’t have to go through this experience alone. At MetrixData 360, we have created a whole reservoir of resources in order to better equip you to face any software audit that comes your way. If you would like to download our free e-book on a step-by-step process on handling software audits, you can click the link below.

What to Expect from Oracle Contract Renewals

2020 has so far been quite the cruel mistress and, although software companies have been relatively spared when compared to other industries, that hasn’t stopped Oracle from being dealt a heavy blow, as detailed in their Q4 report for 2020. Traditionally, May has been Oracle’s most lucrative month, but this year it was a month of tight lockdowns and a sweeping pandemic, so things did not go well. Now, Oracle customers are wondering if now is the time to start negotiating an Oracle contract renewal. But Oracle is known for being one of the toughest software vendors to hash out a contract with, their arrangements may be unwavering regarding their software, databases, and middleware, but if you want that wonderful Oracle software, then you’re going to have to find some happy middle ground. At MetrixData 360, we have dealt with Oracle on many different occasions and we have seen what it takes to get the deals that our clients are looking for, so when you’re getting ready for your contract negotiation with Oracle, here are a few things that you can expect.

 

Expect Oracle to Take their Sweet Time

This may be a byproduct of Oracle’s sheer size, as each new request triggers a bureaucratic process, but that doesn’t stop this drawn out process from being frustrating at the best of times. If you are used to dealing with smaller software companies, it may seem like Oracle is dragging out their process unnecessarily. This will be especially true since Oracle has recently reshuffled its sales team structure. The old Oracle sale structure had their whole sales force focused on selling on-prem license and cloud services, with a 1% cut of the contract value of each transaction for on-prem licenses and 5%-10% on cloud service contracts.

 

However, their focus has now shifted to only 25% of the sales force working exclusively on on-prem licensing with no compensation for selling cloud services, and the rest being exclusively put on the task of selling cloud services. This means if you want to cut a deal with a sales rep for on-prem licenses, they might be extremely busy and overworked. Despite the pressure they might be under, make sure that you take the time necessary to understand your current and projected usage so that you can secure a deal that serves your best interest and ensures you don’t get swept up in the whirlwind of licensing jargon.

 

Cloud Services are No Longer a Get Out of Jail Free Card

 

In the old model of Oracle, cloud services would often come up at the end of audits in exchange for a lower overall cost when compared to the compliance gap. Even if you had no intention of using it, the sales reps were happy since it meant they got their 5%-10% cut. However, Oracle’s new sales model now has sales reps only receiving compensation for the transaction if the customer uses it. On the one hand, this means that you no longer have to spend money on a cloud solution that you were never planning on using in the first place, but offering to simply buy a cloud solution no longer makes the sales rep’s eyes sparkle with interest – not unless you’re going to back up your claim with the actual intent to use the products.

 

Exiting Your ULA will be Difficult at Best

 

If your contract negotiation involves redefining the terms of Oracle’s Unlimited License Agreement (ULA), then you might be facing an uphill battle. The ULA has often proved to be quite troublesome, as they are expected to be the target of Oracle’s new audit wave after the release of their 2020 Q4 report. It can also be the target of an audit if you’d like to exit out of your ULA, as one common surprise Oracle likes to give as a going away present when you’ve decided to leave your ULA is an audit of your scripts to compare it to your usage. If you are thinking about exiting your existing ULA, you may find yourself being pushed towards renewing it anyway for a variety of scenarios Perhaps you’ve mistakenly deployed Oracle software not covered by your ULA, or perhaps you have lost track of what has been deployed in your software environment and now have no idea what you would owe if you left your ULA . You may have also deployed your ULA software onto non-Oracle cloud platforms, like Azure or AWS, which will require you to purchase missing licenses.

 

Know Your Data Inside and Out

 

This is true of any negotiation, not just with an Oracle contract renewal. Having strong visibility into your data regarding your software spending and usage will give you the information you need to do more than just guesswork when it comes to your anticipated usage. Data will also give you the ability to plan, instead of simply buying for what you are currently using, you can purchase to accommodate for future growth. Oracle products are also known to be quite lenient – they will often allow you to install and use products without checking your licenses, expecting you to simply know what you are and are not licensed to use. Understanding the ways in which your company intends to or is currently using Oracle will allow you to pick out any changes in use that might occur over time, whether that is intentionally or (more alarmingly) unintentional usage. Knowing your data regarding Oracle will prevent any compliance issues that may arise, even if you are perfectly in control of your Oracle usage.

Take Control of your Oracle Contract Renewal </h2 class=”headline”> 2020 has been rough and it might be necessary to renegotiate your contracts to accommodate for this new normal. Knowing what to expect from a contract negotiation with Oracle will allow you to be better prepared. If you would like help in organizing your next software contract with Oracle, MetrixData 360 has helped successfully navigate our clients through Oracle contracts on many occasions and saved them millions of dollars. If you’d like to know more about how MetrixData 360 can help minimize your software expense while maximizing its value, you can read our new article on how to negotiate for layoffs and saving money during a pandemic.

IBM DB2 vs Oracle Database

With a constantly growing IT infrastructure, it is important to know how your company plans on managing data storage and data management. At MetrixData 360, our customers are taking an interest in IBM’s DB2 and Oracle’s Database, although there seems to be a bit of confusion about which one is right for their system. While we are unaffiliated to any software vendor, we aim to empower our customers to make smarter IT spending decisions for their business and so today, we’d like to go over what IBM DB2 and Oracle Database are and some things to consider before signing any contracts around either.

IBM DB2 Databases

IBM DB2 is a collection of relational database management systems (RDBMS). First commercially released in 1983, DB2 offers its clients a means to manage their structured and unstructured data that is stored both on-prem and in the Cloud. These hybrid data management products are powered by AI capabilities to create an efficient means of providing data insights while being both flexible and scalable. It is one of the three most popular databases available in the market today, alongside Microsoft SQL Servers and Oracle’s Database.

Features of DB2

The reviews for this product rank it highly for its ability to work with substantial amounts of data without reducing its performance by any means. Clients also report receiving very little downtime from the product. IBM’s DB2 is praised for its stability, customers reporting that both its hardware and software have proven reliable. DB2 is also proven to have excellent storage capabilities, and claims to be especially SQL server compatible, so if you have experience with similar products, you won’t be starting from square one.

Disadvantages of DB2

Reviews on Gartner from IBM’s clients reveal that the setup of DB2 can be quite laborious and there is a risk that queries would produce the wrong results if the DB2 fails to interact correctly with other products. There is also a learning curve to be found with DB2 and it requires a skilled team for the product to reach its full potential. The tools for queries have also been reported to be a bit lacking.

What is the Future of DB2

In June of 2019, IBM released DB2 11.5, which is praised for its AI capabilities. This new database is powered by and run by AI. The benefits of this can be found in the database’s high-speed queries, and its ability to handle natural language querying, which are styled after search engines and can provide a similar user experience.

Can IBM DB2 be Taken to the Cloud?

IBM does offer a Cloud solution, IBM DB2 on Cloud, which presents tempting features like quick and easy installation, compatibility with Oracle’s database, and even a free tier available if you’d like to try it out – though we always advise caution around free software and exposure to shadow IT. Although reviews have claimed that it lacks the regional options of larger Cloud platforms, so it is always best to check the availability of IBM Cloud capabilities in your particular region, as it could easily influence its overall performance and your user experience.

Oracle Database

Another popular option that many businesses are opting into is the highly reputable Oracle Database. Oracle Database appeared in 1979 with Oracle v2 being marked as the first commercially available SQL-based RDBMS.

Features of Oracle Database

Oracle comes with many wonderful features, such as their high quality support, scalability, and the ability to track sophisticated architecture. It has also been reported to be extremely reliable, with very little down time and applying new instances to Oracle can be relatively painless.

Disadvantages of Oracle Database

Some of the disadvantages of having Oracle as your database is, according to reviews on Gartner, that the system needs an experienced administrator at the helm in order to properly manage it. The product is also very expensive, with the tool proving out of reach for most start-up businesses on a budget.

The Future of Oracle Database

Oracle has been tentatively looking into things like having algorithms embedded directly into microprocessors and integrating big data storage with the data their customers have already accumulated when installing Oracle Database. Oracle’s database also wishes to make its product able to more easily integrate with other products like SQL Server and JSON.

Can Oracle Database be Taken to the Cloud?

Oracle can be taken to the Cloud thanks to Oracle Cloud for Database Management, which offers a variety of features including the ability to easily implement it, easily creating backups and restore processes and easy patching. One of the main appeals of Oracle Database, according to Oracle’s own website, can be found in in the fact that you can move to the Cloud seamlessly, using the same technology that you had on-prem and claiming to have zero downtime during the transition (although reviews have tracked the installation time to anywhere between 2.5-3.5 hours). The product has also been praised in Gartner Reviews for being able to handle a large workload (one review even claims to run a million daily transactions through Oracle). Although, more critical reviews have said that the auto-extend data storage needs to be improved, and the DB monitor alerts are not exactly effective.

Which Works Best for You?

At MetrixData 360, we want you to make as an informed decision as possible about your next purchase with IBM or Oracle as both have reputations of frequently auditing their customers’ compliance with their difficult to read contracts. It is important that you get a fair deal that best suits your business’s unique software profile. At MetrixData 360, we have saved our clients millions of dollars through successful contract negotiations with IBM, Oracle, Microsoft, and Adobe, just to list a few of the vendors that we have handled in the past. Get the Software Contract Negotiation Experts on your team and save big on your next software contract.

The Invisible Risk of Oracle VirtualBox

Is there a way a free piece of software downloaded off the Internet can cost your company potentially huge auditing fines? Oracle VirtualBox is one such seemingly benign application that can prove a major liability for your company.  Oracle VirtualBox acts as the coordinator of virtual machines from multiple operating systems and can improve the performance of guest virtual machines. It is a free piece of Open Source software for anyone to download. At MetrixData 360, we have seen that Oracle is actually targeting companies with VirtualBox installed on their company desktops and in this article, we’re going to discuss why that is and what it could mean for your company.

A Quick Definition of ‘Copyleft’

In the software licensing world, there are two definitions of ‘free’. There is the regular definition of the word free, where you don’t have to pay for anything. Then there is open source software, which is also described as ‘free software’ or ‘Copyleft licensing’, a term which can be applied to VirtualBox’s General Public License version 2 (GPLv2). Open source means that you may or may not be asked to pay for the software, but once you have the software, you can crack it open and tinker with the source code. You’re allowed to learn from it, improve upon it, and you can even pull out pieces you like and use the code to make other things. It’s great for hobbyists who want to develop their coding skills, especially since doing this same thing to regular copyrighted software would send them straight into a copyright infringement lawsuit.

The only real rule when playing around with open source software is that you can’t make money off of the software codes, and if you give the software to someone else, then you have to allow them access to the source codes as well. For example, if I made a game out of open source code, I could share it with my friends or post it online for people to play so long as I supplied them with the open source library I used to make it and offered the game for free. While this can be great for some, things have the tendency to enter the grey area quickly when open source code enters the corporate realm. Even if you aren’t directly selling anything with open source codes, what technically constitutes as ‘making money’ from the software? That’s where things get sticky.

Problems with VirtualBox

VirtualBox is free in every sense of the word; you don’t have to pay for it, and you can play around with the code as much as you like, so what is the issue? Sadly, there are many issues that arise when your business decides to get VirtualBox.

VirtualBox’s Extension Pack

VirtualBox is broken down into three parts. The Basic Package, the Extension Pack, and the Guest Additions. The Basic Package and the Guest Additions are free, however, the Extension Pack that you can install just as easily to go with VirtualBox is distinctly not free. The Extension Pack is what you need to buy a license for.

Why Get The Extension Pack?

The Extension Pack is enticing for many reasons. Namely, it improves the performance of the VirtualBox and while the VirtualBox alone only supports USB 1.1 devices, the Extension Pack Supports USB 2.0 and 3.0 devices. If you have an issue with VirtualBox and you don’t have the Extension Pack, then you can consult the VirtualBox Community. This is basically a reddit-like board consisting of a collection of software enthusiasts who may just have the solution to the problem you’re facing. However, if you get the Extension Pack, then you are eligible for support, updates, and maintenance from Oracle.

Can the Extension Pack be Redistributed?

Unlike the rest of VirtualBox, the Extension Pack is subject to the Personal Use and Evaluation License (PUEL), which means that you can download the Extension Pack onto a single host computer for non-commercial purposes, which a company distinctly doesn’t fall under. Unlike with the GPLv2, which allows for redistribution, you can’t redistribute the Extension Pack without a special license from Oracle.

How Much Does the Extension Pack Cost?

The Extension Pack has two pricing models that you can pick between, as seen below and published on Oracle’s website:

Oracle VirtualBox Pricing Chart

It is important to note that if you chose to use the socket pricing model (a socket is what hosts a chip, which contains a collection of one or multiple cores), then you will need a license for all the hosts within a vCenter, which could expand throughout multiple data centers. This means that anything the VirtualBox touches needs to be licensed. In addition, any environments like Test/Development servers that interact with VirtualBox also need to be licensed. Failure to attend to these issues could easily translate to owing Oracle hundreds of thousands of dollars in required licenses, depending on the size of your infrastructure.

 

Shadow IT

Does your company have VirtualBox installed on its desktops? If you have a discovery tool in place as a part of your Software Asset Management process, that’s probably where your thoughts are turning if you want to find the answer. However, at MetrixData 360, we are repeatedly finding that discovery tools that are available today are unable to detect the presence of VirtualBox on a device. Without that visibility, the only options you possess for monitoring the usage of VirtualBox is either checking the desktops manually (a gruelling process which leaves a very likely threat of human error), or we have suggested to many clients, simply put a company-wide block on the webpage where you can download VirtualBox.

 

The Foot in the Door for a Software Audit

While the presence of VirtualBox may be a blind spot to you, it certainly isn’t for Oracle. They are notified of every installation of VirtualBox and will be able to know which desktops in your company have VirtualBox. Even if your company is out of compliance when it comes to VirtualBox’s Extension Pack, your penalty may be somewhere shy of USD $1,000, which amounts to pennies for larger corporations. Since the fine is so small, it may lead companies to brush it off, but this small fine could easily lead to a bigger problem. Catching Oracle’s attention by being out of compliance with VirtualBox has resulted in many companies receiving a larger software audits from Oracle since they now have evidence to suggest the company’s software environment is not as organized as it ought to be. It’s best to tackle this small problem before it grows into a larger one.

 

So, How Do You Check Your Environment for VirtualBox?

If at this point you are wondering how exactly you figure out who already has VirtualBox on their desktops within your company, you can use the following instructions to manually check if a desktop has the Extension Pack.

Check Environment for Virtualbox

 

For More Information About Oracle VirtualBox

We have found that incidents of shadow IT within an organization are an unfortunately common occurrence that can create security problems, costly app sprawls, and as we saw in the case of VirtualBox, compliance issues. In order to avoid this, it is important to implement a strong software asset management process that can regulate the installation of software. If you would like to know more about the general benefits of software asset management, you can check out our article, Software Asset Management: Its Importance, Purpose, and How it Saves Money.

Book a Meeting with an Oracle Licensing Expert

Find out if our services are right for your company. Book a half hour meeting with our team and find out if MetrixData 360 is the right fit for your organization.

Microsoft, Oracle, IBM, and Adobe Software Audits at a Glance

The Top Four Software Vendors Sending Out Software Audits

It is likely that your software budget is shrinking yet your software vendors are looking for you to spend more money with them every year. When software companies can’t get the revenue they expect from you, they will often turn to software audits as a way to make up the difference. Software audits are many things: stressful, frustrating, leave you thinking that living in a cave, herding goats might have been an easier career path. But for the software publishers’ audits are quite profitable, and they have come to exploit this as a way to make their annual revenue growth targets.

Gartner has said that there is a 60% or greater chance that enterprises will be audited by at least one software publisher in any given year. The best way for you to handle the rising tide of software audit requests is by knowing your software environment and performing routine health checks to uncover areas of exposure. We cover the top areas where a company is exposed to in a software audit in our article Software Audit Preparation: What You Need to Know.

The Biggest Companies Performing Software Audits Are:

  • Microsoft
  • IBM
  • Oracle
  • Adobe

At MetrixData360, we have extensive experience working with all of these vendors, and we know how to handle an audit from each. In this post we’ll discuss some of the things you need to know about each of the software vendors and how to handle them during a software audit.

Microsoft Audit

Microsoft often claims that their audits are simple, short, and painless. In our eight years of defending companies during their software audits, we’ve yet to see a Microsoft audit that has matched this description.

Instead, we have seen audits that take almost 18 months to finalize as customers try to dig through rising mountains of data that are required as part of a Microsoft Audit (or SAM Engagement). Here are just a few tips for dealing with a Microsoft software audit:

    • SAM Audit or Review?

From our experience, Microsoft can either offer you SAM reviews or audits. SAM reviews are technically optional but refusing will likely result in getting audited. For a full breakdown of the difference between a Software Audit and a SAM review, visit our post Software Asset Management (SAM) Review vs Audit: What’s the Difference?

    • Respond to Your Vendor

We are often asked if you need to respond to an audit or a SAM letter. The short answer is yes, it is highly advisable that you respond to both. Not responding to a software audit, can find you in breach of your contract and leave you facing potential legal ramifications and hefty fines up to $100,000 USD. Although you could technically refuse a SAM Engagement, you could also find yourself running the risk of being in breach of your contract.

It has been our experience that refusing a SAM review will often result in Microsoft responding by sending you a full audit that you can’t refuse. Therefore, it would be more beneficial for you and your company to negotiate with Microsoft to perform a self-assessment as opposed to having a Microsoft partner perform the audit. A SAM engagement will be nearly identical to an audit after the data collection stage has begun and you will struggle to see the difference between the two processes until the negotiation stage has been reached.

    • Software Reviews vs Software Audits

The real difference between a SAM review and an audit can be seen when examining the penalties of each and how they are resolved. In a SAM review, you will be allowed to purchase your missing licenses at your contracted prices or at your historically discounted rate. In an audit, on the other hand, Microsoft has the right to charge any shortfalls at List Price in addition to a 5% penalty, although this may vary depending on your contract.

    • Paying For An Audit

Another difference between a SAM review and full audit appears when asking who will pay for the whole process. Microsoft will pay for the cost of the SAM engagement themselves whereas in an audit if you are found to be greater than 5% out of compliance you will be responsible for paying for the audit yourself in addition to any penalties you are incurred during the audit.

IBM Audit

IBM audits can be especially tough, since many of their license metrics require you to accurately have installed their ILMT tool in order to effectively capture your estimated license position (we have found that the majority of IBM’s customers have not done this correctly). Here are some things to consider that can help in the case of an IBM audit:

    • True Up Costs

Once your software audit has concluded, IBM will often let you settle at your discounted price with an additional fee for the maintenance that was used for the upkeep of the product when it was unlicensed.

    • Watch For Licensing Changes

IBM is also prone to make licensing changes which can apply to a wide range of their products in the wake of acquiring a new software company to their profile or releasing new versions of their software. When these events occur, be sure to look at your licenses with IBM to check for relevant updates.

    • Properly Set Up and Use ILMT

Our CEO Mike Austin says that you need to understand ILMT and how it works to effectively manage most IBM Software Audits.
According to Mike, “IBM isn’t typically auditing their Passport Advantage program, they are going after the complexity of sub-capacity and PVU based licensing. In order to pass an audit if you are licensing at sub-capacity, you need to have ILMT up and running. You will also need a have a history of reports. Installing and configuring ILMT is tricky and not many companies have done it correctly. In a lot of our work around IBM Audits, we are fixing ILMT reporting before we even start the work of defending an audit.”

    • ILMT Does Not Hold All The Answers

However, installing ILMT doesn’t mean you are 100% safe from IBM’s audits, you can still be found out of compliance.

    • Avoid Scope Creep

Our IBM Audit teams says to make sure you define the audit scope, as IBM is quite notorious for scope creep. You will want to ensure you know which products and contracts are included (and excluded) from the audit.

    • Put The Onus On IBM

You need to get an agreement with IBM (not the reseller- they can’t promise this) stating that IBM will take on the responsibilities to ensure that the product being deployed is correctly licensed. If they fail to then deploy ILMT after such a deal has been reached, then it might be possible to get a concession during an audit.

    • Defend Yourself With Data

Even if IBM doesn’t take responsibility for the licensing of deployed software, you might have a case to circumnavigate adverse findings that can come up due to ILMT’s failures, if you can collect historical system-generated reports that demonstrate the following things:

1) the processor resources that were allotted to the VMs running the PVU-licensed products have been or are capped and are not subject to any automated augmentations-based on system demands and

2) the historical usage of these products never exceeded licensed levels. However, this data has proved difficult for companies to obtain in the past.

Oracle Audit

From our observations, Oracle Audits incur the largest compliance findings typically. We’ve dealt with Oracle many times in the past, and here are some things you should know about how Oracle conducts their audit.

    • Only Pay For What You Use

According to the ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, for Oracle, the installation of software and the licensing of that software are two different events, with the exception of Database Enterprise Editions, so be careful when initially deploying software as it will likely be the cause of issue during an audit. For example, Oracle optional features, such as RAC, get turned on by default when installing databases, these options may only be licensable if you actually use them, not if you have them installed. This is a subtle difference, but it can have a profound impact and it is an area that is often found as being licensable by LMS. However, we have often found that it can be negotiated out with usage data.

    • Oracle Software Review vs Oracle Software Audit

Oracle has Oracle License reviews and Oracle License audits. These are the exact same thing – “review” just sounds friendlier. Both should be treated with the same level of severity.

    • Understand Your Contract

According to Scott & Scott, LLP’s article, Seven Lessons I Learned Representing Clients in Oracle Audits, take extra care to understand Oracle’s policies around usage. Since many of Oracle’s policies will not be included in the license’s documents, there tends to be a lot of confusion generated around this topic. Some areas that produce the largest findings in an Oracle Audit are VMWare and Oracle’s policy stating that all Processors in a cluster must be licensed. This policy has caught many organizations off guard and is the crux of the major lawsuit between Oracle and Mars Corporation.

    • More Gaps Cost More Money

As with Microsoft, if you are found out of compliance on a Oracle Audit you will have to cover the expense for the audit.

    • Use Your Own Tools

Our Oracle Audit Experts state that you are not required to use Oracle’s scripts to collect your data, especially if you have your own methods in place for gathering your data. LMS will try very hard to get you to use their scripts. We recommend, however, that you use your own processes first, if possible.

    • Tools Are Only As Good As The People Using Them

ITAM Review’s article Oracle Audit: Top 20 Frequently Asked Questions, states that Oracle has several approved SAM tools like Lime Software, Easyteam, BDNA, Hewlett-Packard, Flexera Software, Nova Ratio, and iQuate. However, these tools only collect raw data and won’t provide you with the interpretation of that data which will tell you what you need to license. Therefore, just because you have Oracle-approved tools, it doesn’t mean you’re completely safe in an Oracle audit.

    • Get A Paper Trail

In all audits, but especially ones with Oracle, it is highly recommended that you get a closing statement to close out the audit (indemnification is the most ideal). This is especially important with Oracle, as they are a very litigious vendor. You will be happy that you have a closing statement in case the audit ever goes to court and your company’s reputation is suddenly on the line.

Adobe Audit

Compared to the other heavy hitters, Adobe’s software audits can seem like little more than a friendly reminder. However, Adobe’s products can be quite expensive, so it’s important not to let this vendor slip from your mind. Here are some tips about Adobe licensing:

    • Friendlier, But Not Friendly

According to a study released by Gartner in 2016 and presented in their article What Does an End to Adobe Auditing and License Compliance Activity Really Mean?, Adobe has steadily moved away from auditing their customers, focusing instead on their Software as a Service platform and subscription-based licensing. That does not mean your company no longer has to deal with compliancy risks from Adobe, as Adobe still maintains the right to verify compliancy, giving their customers 30 days to provide data to ensure proper usage.

    • Buy What You Need, Not What You Want

The Gartner article also states that with a focus on SaaS and the subscription-based nature of Adobe, along with the lack of an “off-switch” for Adobe products, the main focus of Software Asset Management when it comes to Adobe should be proper sizing and monitoring usage.

    • For Adobe, It’s The Little Things That Count

According to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe monitors their customers differently from other vendors. Where Microsoft, Oracle, and IBM are interested in unlicensed software, Adobe is more interested in the protection of their intellectual property and making sure their product is used correctly. Are you correctly licensing any fonts with Adobe? These small questions can accumulate if they are not properly answered.

    • Adobe Does It Themselves

TechRepublic’s article also states that Adobe performs their own compliance verification review as opposed to hiring a third-party auditor, which can either be good or bad depending how far out of compliance you are.

    • Watch For Creative Suite License Changes

One best practice we advise our client’s to adhere to when dealing with Adobe says that you will have to pay particular attention to Creative Suite, as it is prone to change almost every year and these constant updates make it difficult to keep track of products. It will often leave programs as obsolete and the licensing for it makes it difficult to understand what is truly needed.

    • Upgrade Licenses Can Downgrade Your Compliance

Finally, according to TechRepublic’s article How to Prevent or Navigate an Audit by Adobe, Adobe also has no program in place to account for upgrades. Upgrade licenses, therefore, can sometimes stretch back several years – so, keep track of how far back these licenses go and be sure not to leave yourself over-confident (don’t forget that sometimes you can only go back three versions – so tracking that can also be very difficult).

How MetrixData360 Can Help

Software audits have been known to put a strain on any company’s software budget, so knowing about the software vendors that tend to resort to such methods will leave you with a better knowledge of what to expect. At MetrixData360, we believe that you should not have to pay the software vendors more than what you owe them, so it’s important to invest in software asset management long before you’re confronted with a software audit. By clicking the button below, you will be taken to our audit services page, where you can learn more about how we can help you survive a software audit.

Oracle Java Licensing Changes

Java Licensing Update

Did you know Oracle changed the rules on Java licensing earlier this year and that, as a result of this change, many companies may be exposed to an audit by Oracle?   That’s the what all the experts are out there claiming, that you may have 100’s of thousands if not millions of dollars in exposure to unlicensed Java use based on these changes.

Before I get into the 5 Simple tricks to perform a Java Audit, let me tell you… based on experience from the Java Audits that MetrixData 360 have conducted to-date, this doomsday financial ticking time bomb is neither accurate nor true.  Yes, you could potentially owe a million dollars, but our average findings indicate that the amount of unlicensed Java our clients had exposure on was typically less than $50,000.   You can breathe a little easier now!

So why are these Oracle License and Audit experts saying you could owe millions?  The reason is simple. These “experts” are lacking important information to make these claims.  I might go even as far to say, many of them don’t have the expertise to even advise you on what level of licensing you require.  They are making these claims because traditional Oracle licensing is complicated and confusing.  The environments that Oracle run in are large, diverse and expansive.  And I agree with those statements.  A traditional Oracle audit is expensive and complicated.

Oracle Java however, is deployed primarily in your desktop environment.  Most Oracle Licensing and Audit experts don’t have experience with desktop environments….  And yes, I do know that Java can be installed in server environments.  But quite honestly?  An Oracle Java Audit is more like a Microsoft Office audit (on both desktops and servers) than it is like an Oracle Server Audit.

5 Tips for Navigating An Oracle Audit

So let me now tell you the 5 incredibly simple things you need capture to conduct a successful (for you) Java Licensing Audit and determine just how much (or should I say how little?) you may owe Oracle today.

#1 – Understand Your Oracle Deployments

Visualizing and validating your deployment data is one of the most important components to understanding your license position.  Unfortunately, capturing this data accurately is arguably one of the most frustrating things you can go through.  With multiple data sources, rows and rows of data that needs to be stitched together and IT departments that are unaware of all the data that is required – this process is an exercise in frustration for every client we’ve ever worked with.

That’s why MetrixData 360 developed a tool to do it for you!  A great way to understand your deployment data is to utilize a simple data visualization and inventory normalization tool.  Let me introduce you to our custom-developed tool – SAM Compass.  This tool works with your inventory tools (SCCM, Altris, LanDesk etc.) to easily (and accurately!) bring together the data you need in a simple, workable, format; so, you can easily apply software licenses to your deployment in the most optimal manner.

#2 – Determine What is Licensable Today and What is Not!

The key to keeping your costs down is understanding not all of Java is licensable today (or maybe ever).  When it comes to your deployment data, you need a normalized list of Software that is Auditable today.  While this may be easier said than done, our SAM Compass tool has been developed to make this easier.

#3 – Understand Where Java is Bundled (Typically in Server product)

Java is included for free as a restricted use product with many applications.  Weblogic, PeopleSoft, SAP and IBM all have Java bundled into their products that may not require a license.

#4 – Review Your Use of Oracle Java on your Desktops

Many times, Java was included on the desktop for browser applications.  You need to review your use of these products and determine if you need to continue.  You will also want to look at other options (that are still free) such as OpenJDK, as a replacement.

#5 – Hire Java Licensing Experts

If you’ve spent any time trying to understand all the nuances of Java licensing, you know how complicated it is.  Just do a pull of Oracle Java Titles and try and figure out which ones require a license today vs. which ones don’t.  It’s very confusing.  There are experts out there that can help you (cost effectively) determine your compliance position (and provide you with valid recommendations for the future).  MetrixData 360’s SAM Compass tool and our team of experts can save you a lot of time, money and frustration.

If you’d like more information on Java Licensing – download our FAQ document or send us an email at: info@metrixdat360.com to book a demo of our SAM Compass tool for Oracle Java Assessments.

This presentation contains images that were used under a Creative Commons License. Click here to see the full list of images and attributions:

 

Oracle Java Audits – Are You at Risk?

Recently Oracle announced massive changes to how Oracle Java is licensed.  These changes impact everything from how Java is licensed to how the patches and update system works.

Given that Oracle has a history of aggressive audit practices and Java is everywhere, many organizations are very concerned.  Companies are worried about what’s deployed on their networks and the possibility of a non-compliant finding worth potentially millions of dollars.

We have not seen official Oracle Java audits yet but given Oracle’s history with auditing it’s only a matter of time before they move to monetize Java. You don’t want to learn about a licensing gap during an audit.

We recommend getting ahead of the issue by performing a self-assessment of your environment to determine your potential Java licensing exposure.  The challenge is that licensable Java titles are not always easily identified, and it can be time consuming.  

Introducing MetrixData 360’s SAM Compass for Java!

Introducing MetrixData 360’s SAM Compass for Java!

Sam Compass for Java takes the guesswork and data crunching away from you and provides you with a team of licensing experts who quickly get you actionable data so you can make informed decisions.

We are your Software Asset Management experts and we will quickly and efficiently:

Collect and normalize Oracle Java deployment/entitlement data
Identify licensable Java titles
Provide you with an Effective Licence Position
Provide gap mitigation recommendations

Don’t wait on Oracle to call! Be proactive and take advantage of our introductory pricing by calling or emailing us and mention the promo code “Java”.

Contact us at info@metrixdata360.com 

or call us at 888-978-5129 to learn more.

Gartner Encore Presentation

The Many Levels Of Negotiations With The Mega Vendors: Microsoft and Oracle

Just some of what you will learn:
Audits/SAM engagements are on the rise, why?

What do these engagements do for Microsoft and Oracle?

This isn’t about compliance, it’s all about… ?